remove sql injection
<?php
/* nawawi jamili -- rutweb.com */
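/**
 * Strip SQL-looking fragments from a request value using a fixed pattern list.
 *
 * This is a blacklist: each pattern is case-insensitive and deletes its match
 * through to the end of the value, so legitimate text such as "ORDER BY name",
 * "user(" or "version(" is truncated as well, while anything not on the list
 * passes through untouched. Treat it as defence in depth only: the query layer
 * still has to bind values through prepared statements. The patterns are applied
 * in list order by a single preg_replace() call.
 *
 * @param string $str value to filter (what preg_replace() accepts as subject)
 * @return string the input with matching fragments removed; an empty string
 *                when PCRE fails on the input (for example the backtrack limit
 *                on a long value), so that a value the filter could not check is
 *                dropped rather than handed back as null
 */
function _remove_sql_inject($str) {
    // Fixed pattern list; add new patterns here. Kept static so the array is
    // built once per request instead of on every call.
    static $pat = array(
        "/'\s+AND\s+extractvalue.*/i",
        "/'\s+and\(.*/i",
        "/select\s+.*?\s+from.*/i",
        "/(rand|user|version|database)\(.*/i",
        "/union\(.*/i",
        "/CONCAT\(.*/i",
        "/CONCAT_WS\(.*/i",
        "/ORDER\s+BY.*/i",
        "/UNION\s+SELECT.*/i",
        "/'\s+union\s+select\+.*/i",
        "/GROUP_CONCAT.*/i",
        "/delete\s+from.*/i",
        "/update\s+.*?\s+set=.*/i",
        "/'\s+and\s+\S+\(.*/i",
        "/'\s+and\s+\S+\s+\(.*/i",
    );

    $out = preg_replace($pat, "", $str);
    if ($out === null) {
        // preg_replace() returns null on a PCRE error (see preg_last_error());
        // the lazy ".*?\s+from.*" patterns backtrack heavily on long inputs and
        // can hit PREG_BACKTRACK_LIMIT_ERROR. Fail closed: drop the value instead
        // of letting a null propagate into $_GET/$_POST.
        return "";
    }
    return $out;
}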
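if ( !function_exists('array_map_recursive') ) {
    /**
     * Apply $func to every leaf of a nested array, preserving keys and shape.
     *
     * Array values are recursed into; every other value is passed to $func and
     * replaced by its return value. $func may be any callable form: a function
     * name string, an array callable, or a closure.
     *
     * @param callable $func callback taking the leaf value as its only argument
     * @param array    $arr  nested input array
     * @return array new array with the same keys, leaves replaced by $func's result
     */
    function array_map_recursive($func, $arr) {
        $new = array();
        foreach ($arr as $key => $value) {
            if (is_array($value)) {
                $new[$key] = array_map_recursive($func, $value);
            } else {
                // call_user_func() accepts every callable form with the leaf as
                // the single argument. call_user_func_array() must not be used
                // here: it requires an argument *array*, so passing the scalar
                // leaf to it fails for array callables (TypeError on PHP 8).
                $new[$key] = call_user_func($func, $value);
            }
        }
        return $new;
    }
}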
// Rewrite the request superglobals in place so that anything read from them
// after this point has already been through _remove_sql_inject(). Each array
// is filtered on its own (empty ones are left alone); $_SERVER, request
// headers and the raw request body are not touched here.
if (!empty($_GET)) {
    $_GET = array_map_recursive('_remove_sql_inject', $_GET);
}
if (!empty($_POST)) {
    $_POST = array_map_recursive('_remove_sql_inject', $_POST);
}
if (!empty($_REQUEST)) {
    $_REQUEST = array_map_recursive('_remove_sql_inject', $_REQUEST);
}
if (!empty($_COOKIE)) {
    $_COOKIE = array_map_recursive('_remove_sql_inject', $_COOKIE);
}