Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <script>
- function tSQLInjection(id){
- document.getElementById('message').innerHTML = "";
- var format = /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/;
- var str = document.getElementById(id).value;
- if(format.test(str)){
- document.getElementById(id).value = "";
- document.getElementById('message').innerHTML = "Please Key in valid characters!. Your text is [" + str + "]";
- }
- }
- </script>
- <?php
- function chkSQLInjection($text){
- $vTF = false;
- if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $text)) {
- echo "has special character";
- $vTF = false;
- }
- return $vTF;
- }
- if( isset($_POST["btnSubmit"]) ) {
- $userid = $_POST["txtuserid"];
- $pass = $_POST["txtpassword"];
- $username = $_POST["txtname"];
- mysql_connect("localhost","root","") or die("Cannot Connect to DB Server!");
- mysql_select_db("dbsec") or die("Cannot Select database");
- $vSQL = " Insert into umaster (userid, password, username) values ( ";
- $vSQL .= " '$userid', '$pass', '$username' ) ";
- mysql_query($vSQL);
- echo $vSQL;
- }
- ?>
- <html>
- <head>
- <title>Web Security</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- </head>
- <body>
- <center>
- <form method="post">
- User id :<input id="txtuserid" name="txtuserid" type="text" value="" size="30" onMouseUp="tSQLInjection(this.id)" onKeyUp="tSQLInjection(this.id)" />
- <br>
- Password:<input id="txtpassword" name="txtpassword" type="text" value="" size="30" onMouseUp="tSQLInjection(this.id)" onKeyUp="tSQLInjection(this.id)" />
- <br>
- Name :<input id="txtname" name="txtname" type="text" value="" size="30" onMouseUp="tSQLInjection(this.id)" onKeyUp="tSQLInjection(this.id)" />
- <br>
- <input type="submit" name="btnSubmit" value="Insert" />
- </form>
- <hint id="message"></hint>
- </center>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
