<?php
//anti_injection.php
function anti_injection($sql)
{
    // remove words like: /(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/
    // sql_regcase() was removed in PHP 7; the /i modifier gives the same case-insensitive match
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);        // strip leading/trailing whitespace
    $sql = strip_tags($sql);  // strip HTML and PHP tags
    $sql = addslashes($sql);  // add backslashes before quotes and backslashes in the string
    return $sql;
}
// $word comes from the query string: anti_injection.php?word=...
$word = isset($_GET['word']) ? $_GET['word'] : '';
echo anti_injection($word);
?>
Hello guys, this is a simple code to block SQL strings in the URL.
I want to test if this function is really secure; I tried many ways to bypass it, without success.
Example: anti_injection.php?word=union all select 0 from test
The anti_injection function returns NULL to $word.
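For comparison, here is the same "word" lookup written with a parameterized query instead of a keyword blocklist. This is an added example, not the poster's code; the table name `words`, its columns, and the PDO connection details are assumptions.

```php
<?php
// Added example (not the poster's code): look up $word with a prepared statement.
// The value is sent to the server separately from the SQL text, so nothing in
// $word can change the structure of the statement and no keyword stripping is
// needed. Table/column names and the DSN below are assumptions.

function find_word(PDO $db, string $word): array
{
    // Plain input validation is still useful (length, emptiness); it is not
    // what prevents injection, the parameter binding is.
    if ($word === '' || strlen($word) > 100) {
        return [];
    }

    // "?" is a placeholder; the driver binds the value and never interpolates it.
    $stmt = $db->prepare('SELECT id, word FROM words WHERE word = ?');
    $stmt->execute([$word]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder connection details.
$db = new PDO('mysql:host=localhost;dbname=app', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
]);

$word = isset($_GET['word']) ? $_GET['word'] : '';
foreach (find_word($db, $word) as $row) {
    // Escape for the output context (HTML) rather than "cleaning" the input for SQL.
    echo htmlspecialchars($row['word'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With this approach the original anti_injection() function is no longer needed, and words that happen to contain "from" or "select" are stored and looked up unchanged.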