Protection Against SQL Injection Attacks (Rated 5)Description:
SQL Injection attacks are ways of extracting, or modifying your database without appropriate permissions.
These two functions can help you to make your scripts a little more secure.
First Function:
The majority of injection attacks require the user of single quotes to terminate an expression. By using a simple replace function and converting all single quotes to two single quotes, you're greatly reducing the chance of an injection attack succeeding.
Second Function:
Another way of exploiting scripts is to use certain characters and character sequences such as ;, --, select, insert and xp_. By removing these characters and character sequences from user input before we build a query, we can help reduce the chance of an injection attack even further. Code starts here
<?PHP
function stripQuotes($strWords)
{
$strWords = str_replace("''", "'", $strWords)
return $strWords ;
}
function killChars($strWords)
{
$badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_") ;
str_replace() ;
foreach($badChars as $current)
{
$strWords = str_replace($current, '', $strWords);
}
return $strWords ;
}
?>
Submitted by Devscripts on 30-06-2003 13:38 |
