filtering manual sql query
Posted: Fri Oct 03, 2003 2:37 am
Hello all,
I have a script that allows the user to execute sql queries as he pleases.
I want to allow only 'SELECT' queries and not DELETE, ALTER, DROP, UPDATE and any changes on the db.
Does anybody have an idea besides using strstr or preg_match and looking for suspicious words?