
SQL Injection Filter

a guest
Sep 23rd, 2018
  1. <?php
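  /**
   * Heuristic keyword screen: reports whether a value contains text that
   * matches one of a fixed list of SQL-looking patterns.
   *
   * This is a blocklist and should only be treated as a secondary signal.
   * Keyword matching cannot recognise every way a query can be altered, so
   * the statements that consume this input still need prepared statements
   * with bound parameters. The patterns are unanchored and case-insensitive,
   * so ordinary text containing words such as "update", "create" or
   * "selection" is flagged as well.
   *
   * @param mixed $checkstring A single value, or an array of (possibly nested)
   *                           values as PHP builds for parameters like name[]=x.
   * @return bool TRUE when any pattern matches, or when PCRE fails while
   *              evaluating the value; FALSE otherwise.
   */
  function SQLInjectionTest($checkstring)
  {
      // preg_match() cannot scan an array: PHP 7 warns and returns false (so
      // the value would pass unchecked) and PHP 8 throws a TypeError. Screen
      // each element instead so array-shaped parameters are still inspected.
      if (is_array($checkstring)) {
          foreach ($checkstring as $element) {
              if (SQLInjectionTest($element)) {
                  return TRUE;
              }
          }
          return FALSE;
      }

      $subject = (string) $checkstring;

      $sqltest = array(
          "/SELECT.*/i",
          "/INSERT.*/i",
          "/DELETE.*/i",
          "/UPDATE.*/i",
          "/ALTER.*/i",
          "/DROP.*/i",
          "/CREATE.*/i",
          "/substr/i",
          "/varchar/i",
          "/or.*\d=\d/i",
          "/and.*\d=\d/i",
      );

      foreach ($sqltest as $regex) {
          $outcome = preg_match($regex, $subject);

          // preg_match() returns false when PCRE gives up (for example when a
          // backtracking limit is hit). A value that could not be evaluated
          // is reported as suspicious rather than waved through.
          if ($outcome === false || $outcome === 1) {
              return TRUE;
          }
      }

      return FALSE;
  }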
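  /**
   * Screens every POST and GET parameter value with SQLInjectionTest() and
   * ends the request when one is flagged.
   *
   * Only the values in $_POST and $_GET are inspected. Parameter names,
   * cookies, headers and raw request bodies are not looked at here, so this
   * gate does not replace bound parameters in the queries themselves.
   *
   * @return void Does not return when a value is flagged: a 400 status is
   *              sent (if headers are still open), the notice is printed and
   *              the script exits.
   */
  function check_inej()
  {
      // POST is screened before GET, as in the original two loops.
      foreach (array($_POST, $_GET) as $parameters) {
          // Parameters such as name[]=x arrive as nested arrays; walk down to
          // the leaf values so every one of them is passed to the screen as a
          // plain value instead of an array.
          $pending = array_values($parameters);

          while (count($pending) > 0) {
              $value = array_pop($pending);

              if (is_array($value)) {
                  foreach ($value as $nested) {
                      $pending[] = $nested;
                  }
                  continue;
              }

              if (SQLInjectionTest($value)) {
                  // Answer with a client-error status so rejected requests
                  // are distinguishable from successful ones in access logs.
                  if (!headers_sent()) {
                      http_response_code(400);
                  }
                  echo "<h1> SQL INJECTION DETECTED!!! </h1>";
                  exit(0);
              }
          }
      }
  }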
  // Screen the current request as soon as this file is loaded; a flagged
  // value ends the script inside check_inej().
  check_inej();
  53. ?>