senky/validator.php

## validator.php
<?php

$code = file_get_contents('manager.php');
$code_exploded = explode("\n", $code);

if (preg_match_all('/WHERE[^;\$]+[=<>]+[^;]+("|\') \. \$/mU', $code, $matches, PREG_OFFSET_CAPTURE))
{
	foreach ($matches[0] as $match)
	{
		$prelines = substr_count($code, "\n", 0, $match[1]);
		$inlines = substr_count($match[0], "\n");
		$line = $prelines + $inlines;

		if (strpos($code_exploded[$line], 'sql_in_set') !== false || strpos($code_exploded[$line], 'sql_escape') !== false || strpos($code_exploded[$line], 'sql_bit_and') !== false || strpos($code_exploded[$line], 'get_visibility_sql') !== false || strpos($code_exploded[$line], 'get_sql_where') !== false || strpos($code_exploded[$line], 'get_forums_visibility_sql') !== false)
		{
			continue;
		}

		echo 'potential SQL injection in on line ' . ($line + 1) . ":\n";
		echo $code_exploded[$line];
		echo "\n\n";
	}
}
	<?php

	$code = file_get_contents('manager.php');
	$code_exploded = explode("\n", $code);

	if (preg_match_all('/WHERE[^;\$]+[=<>]+[^;]+("\|\') \. \$/mU', $code, $matches, PREG_OFFSET_CAPTURE))
	{
	foreach ($matches[0] as $match)
	{
	$prelines = substr_count($code, "\n", 0, $match[1]);
	$inlines = substr_count($match[0], "\n");
	$line = $prelines + $inlines;

	if (strpos($code_exploded[$line], 'sql_in_set') !== false \|\| strpos($code_exploded[$line], 'sql_escape') !== false \|\| strpos($code_exploded[$line], 'sql_bit_and') !== false \|\| strpos($code_exploded[$line], 'get_visibility_sql') !== false \|\| strpos($code_exploded[$line], 'get_sql_where') !== false \|\| strpos($code_exploded[$line], 'get_forums_visibility_sql') !== false)
	{
	continue;
	}

	echo 'potential SQL injection in on line ' . ($line + 1) . ":\n";
	echo $code_exploded[$line];
	echo "\n\n";
	}
	}