LucasFerraz
Systems Analyst
Hello,
I'm tired of seeing a lot of OTs being hacked, so I decided to post this Anti SQL Injection and Blocking Right-click.
I didn't make it; I searched and found it, and I don't remember where. I tested it in Gesior's AAC and it's working fine.
//How to use that
You must add the code in layout.php
Blocking Right-click.
PHP:
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
Anti sql Injection
PHP:
<?php
function anti_injection($sql)
{
    // remove words that contain SQL syntax
    // (the /i flag replaces sql_regcase(), which was removed in PHP 7.0)
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql); // strip leading and trailing whitespace
    $sql = strip_tags($sql); // strip HTML and PHP tags
    $sql = addslashes($sql); // add backslashes to a string
    return $sql;
}
// usage: taking data coming from the form
$nome = anti_injection($_POST["nome"]);
$senha = anti_injection($_POST["senha"]);
// changing html characters using htmlspecialchars() Learn more here: http://www.php.net/manual/en/function.htmlspecialchars.php
// $_POST['link'] = <a href="test">test</a>
$link = htmlspecialchars($_POST['link'], ENT_QUOTES);
echo $link; // outputs: &lt;a href=&quot;test&quot;&gt;test&lt;/a&gt;
// header() only takes effect if no output has been sent yet (or output buffering is on)
header("Content-Type: text/html; charset=ISO-8859-1", true); ?>
//Example?
PHP:
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
<?php
function anti_injection($sql)
{
    // remove words that contain SQL syntax
    // (the /i flag replaces sql_regcase(), which was removed in PHP 7.0)
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql); // strip leading and trailing whitespace
    $sql = strip_tags($sql); // strip HTML and PHP tags
    $sql = addslashes($sql); // add backslashes to a string
    return $sql;
}
// usage: taking data coming from the form
$nome = anti_injection($_POST["nome"]);
$senha = anti_injection($_POST["senha"]);
// changing html characters using htmlspecialchars() Learn more here: http://www.php.net/manual/en/function.htmlspecialchars.php
// $_POST['link'] = <a href="test">test</a>
$link = htmlspecialchars($_POST['link'], ENT_QUOTES);
echo $link; // outputs: &lt;a href=&quot;test&quot;&gt;test&lt;/a&gt;
// header() only takes effect if no output has been sent yet (or output buffering is on)
header("Content-Type: text/html; charset=ISO-8859-1", true); ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?PHP echo $title ?></title>
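Added example, not part of the original post: it runs constructed sample values through the post's filter to show how the keyword stripping rewrites ordinary input, then stores the same values with a PDO prepared statement, which keeps data out of the SQL text without altering it. The `accounts` table, its columns, the use of `password_hash()` and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example (not the post's code). Table and column names are assumed.

// The post's filter, using the /i flag because sql_regcase() no longer exists in PHP 7+.
function anti_injection($sql)
{
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    return addslashes($sql);
}

// Constructed sample inputs: ordinary values a player might submit.
$samples = [
    'name'     => "Selector D'Arc",
    'password' => 'Wh3re#Is*My--Key',
];

// 1) What the filter does to legitimate input before it reaches the database:
//    keywords inside words are cut out and password characters are dropped.
foreach ($samples as $field => $value) {
    printf("%-8s %-20s -> %s\n", $field, $value, anti_injection($value));
}

// 2) The same inputs through prepared statements. Values are bound as
//    parameters, so they are never parsed as SQL and need no rewriting.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (name TEXT PRIMARY KEY, password_hash TEXT)');

$insert = $pdo->prepare('INSERT INTO accounts (name, password_hash) VALUES (:name, :hash)');
$insert->execute([
    ':name' => $samples['name'],
    ':hash' => password_hash($samples['password'], PASSWORD_DEFAULT),
]);

$select = $pdo->prepare('SELECT name, password_hash FROM accounts WHERE name = :name');
$select->execute([':name' => $samples['name']]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// Both checks report whether the stored data matches what was submitted.
var_dump($row['name'] === $samples['name']);
var_dump(password_verify($samples['password'], $row['password_hash']));
```

Escaping for HTML with `htmlspecialchars()` still belongs at output time, as in the post; parameter binding only covers the SQL side.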