Skip to content

Instantly share code, notes, and snippets.

@f
Created January 27, 2011 17:14
Show Gist options
  • Save f/798827 to your computer and use it in GitHub Desktop.
Save f/798827 to your computer and use it in GitHub Desktop.
<?php
class Security {
/**
* if(Security::checkInjection($value)) {
* error_log('Possible SQL/XSS injection attack detected with the request '.$value);
* }
*
* @param $value
* @return bool
*/
public static function checkInjection($value)
{
$injections = array(
//SQL injections
'/(\%27)|(\')|(\-\-)|(\%23)|(#)/im',
'/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/im',
'/\d*((\%6F)|o|(\%4F))((\%72)|r|(\%52)).*(=).*/im',
'/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/im',
'/((\%27)|(\'))union/im',
'/(exec|call)(\s|\+)+(s|x)p\w+/im',
//XSS Injection
'/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/im',
'/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/im',
'/((\%3C)|<)[^\n]+((\%3E)|>)/i'
);
foreach ($injections as $regexp)
{
var_dump($regexp);
if (preg_match($regexp, $value))
{
return true;
}
}
return false;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment