fenomenoide
New Member
- Joined
- Oct 22, 2007
- Messages
- 134
- Reaction score
- 0
<?php
function sql_seguro($valor)
{
/*we are replacing < > so it doesnt insert codes as <?php ...ataque... ?>*/
$valor = str_replace("<","<",$valor);
$valor = str_replace(">",">",$valor);
/*words that can cause problems*/
$valor = str_replace('INSERT','[INSERT]',$valor);
$valor = str_replace('REPLACE','[REPLACE]',$valor);
$valor = str_replace('UPDATE','[UPDATE]',$valor);
$valor = str_replace('DELETE','[DELETE]',$valor);
$valor = str_replace('SELECT','[SELECT]',$valor);
$valor = str_replace('TRUNCATE','[TRUNCATE]',$valor);
$valor = str_replace('CREATE','[CREATE]',$valor);
$valor = str_replace('DROP','[DROP]',$valor);
$valor = str_replace('SET','[SET]',$valor);
$valor = str_replace(';','[;]',$valor);
$valor = str_replace('"','["]',$valor);
$valor = str_replace("'","[']",$valor);
return $valor;
}
function sql_noseguro($valor)
{
/*words that can make problems*/
$valor = str_replace('[INSERT]','INSERT',$valor);
$valor = str_replace('[REPLACE]','REPLACE',$valor);
$valor = str_replace('[UPDATE]','UPDATE',$valor);
$valor = str_replace('[DELETE]','DELETE',$valor);
$valor = str_replace('[SELECT]','SELECT',$valor);
$valor = str_replace('[TRUNCATE]','TRUNCATE',$valor);
$valor = str_replace('[CREATE]','CREATE',$valor);
$valor = str_replace('[DROP]','DROP',$valor);
$valor = str_replace('[SET]','SET',$valor);
$valor = str_replace('[;]',';',$valor);
$valor = str_replace('["]','"',$valor);
$valor = str_replace("[']","'",$valor);
return $valor;
}
?>
What do you think...
These is just a beta try
Trying make more anti-~~~ you kno