windows.XP Senior
Sex : Mesaje : 279 Data de inscriere : 25/02/2011 Varsta : 25 Localizare : md/Cricova Distractii : fotball!
| Subiect: Anti SQL Injection SCRIPT Dum Feb 27, 2011 6:07 pm | |
| - Cod:
-
[color=#000000][color=#FF8000]// Anti-SQL Injection
[/color][color=#007700]function [/color][color=#0000BB]check_inject[/color][color=#007700]()
{
[/color][color=#0000BB]$badchars [/color][color=#007700]= array([/color][color=#DD0000]";"[/color][color=#007700], [/color][color=#DD0000]"'"[/color][color=#007700], [/color][color=#DD0000]"""[/color][color=#007700], [/color][color=#DD0000]"*"[/color][color=#007700], [/color][color=#DD0000]"DROP"[/color][color=#007700], [/color][color=#DD0000]"SELECT"[/color][color=#007700], [/color][color=#DD0000]"UPDATE"[/color][color=#007700], [/color][color=#DD0000]"DELETE"[/color][color=#007700], [/color][color=#DD0000]"-"[/color][color=#007700]);
foreach([/color][color=#0000BB]$_POST [/color][color=#007700]as [/color][color=#0000BB]$value[/color][color=#007700])
{
if([/color][color=#0000BB]in_array[/color][color=#007700]([/color][color=#0000BB]$value[/color][color=#007700], [/color][color=#0000BB]$badchars[/color][color=#007700]))
{
die([/color][color=#DD0000]"SQL Injection Detected\n<br />\nIP: "[/color][color=#007700].[/color][color=#0000BB]$_SERVER[/color][color=#007700][[/color][color=#DD0000]'REMOTE_ADDR'[/color][color=#007700]]);
**
else
{
[/color][color=#0000BB]$check [/color][color=#007700]= [/color][color=#0000BB]preg_split[/color][color=#007700]([/color][color=#DD0000]"//"[/color][color=#007700], [/color][color=#0000BB]$value[/color][color=#007700], -[/color][color=#0000BB]1[/color][color=#007700], [/color][color=#0000BB]PREG_SPLIT_OFFSET_CAPTURE[/color][color=#007700]);
foreach([/color][color=#0000BB]$check [/color][color=#007700]as [/color][color=#0000BB]$char[/color][color=#007700])
{
if([/color][color=#0000BB]in_array[/color][color=#007700]([/color][color=#0000BB]$char[/color][color=#007700], [/color][color=#0000BB]$badchars[/color][color=#007700]))
{
die([/color][color=#DD0000]"SQL Injection Detected\n<br />\nIP: "[/color][color=#007700].[/color][color=#0000BB]$_SERVER[/color][color=#007700][[/color][color=#DD0000]'REMOTE_ADDR'[/color][color=#007700]]);
**
**
**
**
** [/color][/color] |
|