<?php
function __sql_regcase($string){
$max = strlen($string);
$ret = '';
for ($i = 0; $i < $max; $i++) {
$char = substr($string,$i,1);
$up = strtoupper($char);
$low = strtolower($char);
$ret .=($up != $low) ? '[' . $up . $low . ']' : $char;
}
return $ret;
}
function escape($data) {
$data = preg_replace(__sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"", $data);
return $data;
}
foreach($_POST as $key=>$value) {
$_POST[$key.'Original'] = $value;
$_POST[$key] = escape($value);
}
if($config['engine']['enable_query_strings']) {
foreach($_GET as $key=>$value) {
$_GET[$key] = escape($value);
}
$_REQUEST = array_merge($_GET, $_POST);
} else {
$_REQUEST = $_POST;
}
?>