11-03-2005, 05:29 PM   #1
sunnydiv
mysql attack, prevention

I made the following code, hoping it will protect from MySQL injection.
Tell me if you find a bug or something.

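function remove_bad($value)
{
    // Escape quotes and strip HTML tags
    $value = addslashes($value);
    $value = strip_tags($value);

    // Wrap SQL keywords in "n" markers. The result is assigned back to $value
    // (the original echoed it and returned $value unchanged); str_replace is
    // used because ereg_replace was removed in PHP 7.
    $value = str_replace("select", "nselectn", $value);
    $value = str_replace("delete", "ndeleten", $value);
    $value = str_replace("drop", "ndropn", $value);
    $value = str_replace("update", "nupdaten", $value);
    $value = str_replace("where", "nwheren", $value);

    return $value;
}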

Reverse. Hopefully you know how this is going to work.


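function add_bad($value)
{
    // Undo the keyword markers added by remove_bad(), assigning each result
    // back to $value instead of echoing it.
    $value = str_replace("nselectn", "select", $value);
    $value = str_replace("ndeleten", "delete", $value);
    $value = str_replace("ndropn", "drop", $value);
    $value = str_replace("nupdaten", "update", $value);
    $value = str_replace("nwheren", "where", $value);

    // Remove the slashes added by addslashes()
    $value = stripslashes($value);

    return $value;
}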


Source, my site: http://www.rokda.info/forum/sutra14.html#14
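
For comparison with the keyword filtering in the post above, an added example (not the poster's code) that passes the same kind of input to the database as bound parameters through PDO, so no rewriting or reversing of the text is needed. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the poster's code. Table, column and function names are
// hypothetical; in-memory SQLite stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also turn off emulated prepares so binding is done server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Values travel as bound parameters and are never spliced into the SQL text.
function save_post(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function find_posts_by_author(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT id, author, body FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input: quotes and SQL keywords that a word filter would rewrite.
$body = "Please select O'Brien's update; don't drop it where it is.";
save_post($pdo, "O'Brien", $body);

// The text comes back exactly as entered: no added slashes, no keyword markers.
$rows = find_posts_by_author($pdo, "O'Brien");
var_dump($rows[0]['body'] === $body);

// A constructed value shaped like a query fragment is compared as a plain
// string, so it only matches an author with that literal name.
$rows = find_posts_by_author($pdo, "x' OR '1'='1");
var_dump(count($rows));

// HTML escaping belongs at output time, instead of strip_tags() before storage.
echo htmlspecialchars($body, ENT_QUOTES, 'UTF-8'), "\n";
```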