Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- function SQLInjectionTest($checkstring)
- {
- $sqltest = array ("/SELECT.*/i",
- "/INSERT.*/i",
- "/DELETE.*/i",
- "/UPDATE.*/i",
- "/ALTER.*/i",
- "/DROP.*/i",
- "/CREATE.*/i",
- "/substr/i",
- "/varchar/i",
- "/or.*\d=\d/i",
- "/and.*\d=\d/i");
- foreach ($sqltest as $regex)
- {
- if (preg_match($regex, $checkstring))
- {
- return TRUE;
- }
- }
- return FALSE;
- }
- function check_inej()
- {
- foreach ($_POST as $key => $value)
- {
- if ( SQLInjectionTest($value))
- {
- echo "<h1> SQL INJECTION DETECTED!!! </h1>";
- exit(0);
- }
- }
- foreach ($_GET as $key => $value)
- {
- if ( SQLInjectionTest($value))
- {
- echo "<h1> SQL INJECTION DETECTED!!! </h1>";
- exit(0);
- }
- }
- }
- check_inej();
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement