SQL Injection
Posted: Tue Feb 10, 2015 8:03 am
Hi
I am really struggling here. I want this to check for forbidden words in an effort to stop SQL injection.
I can't seem to get it to work.
The idea is that it checks the $items_check against a list of banned words; if it finds one, it doesn't allow the remaining script to execute.
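Code:
function secureit()
{
    global $items_check;
    // Words that cause the input to be rejected (matched case-insensitively)
    $unallowed = array('href', 'www', 'UPDATE', 'INSERT', 'DELETE', 'SET', 'OFFSET', 'ORDER BY', 'union', 'DROP TABLE', 'CREATE TABLE');
    foreach ($unallowed as $field) {
        // stripos() returns false when the word is absent; a match at position 0 still counts
        if (stripos($items_check, $field) !== false) {
            $mess = 'NO Thanks "'.$items_check.'" is forbidden content!';
            return $action = "0";
        }
    }
    // No banned word found ("1" is an assumed "allowed" value; the original returned nothing here)
    return "1";
}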
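
A comparison of the word-list check above with a prepared statement, as an added example that is not part of the original post. It assumes the pdo_sqlite extension; the `items` table, the function names and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: bind user input as data instead of scanning it for keywords.
// Assumes pdo_sqlite; table, function names and sample values are hypothetical.

// The word list from the post, reduced to a true/false check.
function has_forbidden_word(string $input): bool
{
    $unallowed = ['href', 'www', 'UPDATE', 'INSERT', 'DELETE', 'SET', 'OFFSET',
                  'ORDER BY', 'union', 'DROP TABLE', 'CREATE TABLE'];
    foreach ($unallowed as $word) {
        if (stripos($input, $word) !== false) {
            return true;
        }
    }
    return false;
}

// Lookup with a prepared statement: the value is sent separately from the
// SQL text, so quotes or keywords inside it cannot change the query.
function find_items(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample rows: ordinary names that happen to contain "SET".
$insert = $db->prepare('INSERT INTO items (name) VALUES (:name)');
foreach (["Somerset cheddar", "O'Brien's reset tool"] as $name) {
    $insert->execute([':name' => $name]);
}

// Constructed inputs: two legitimate names and one value with a bare quote.
foreach (["Somerset cheddar", "O'Brien's reset tool", "Plain ' quote"] as $input) {
    printf("%-22s word list: %-8s rows found: %d\n",
        $input,
        has_forbidden_word($input) ? 'blocked' : 'allowed',
        count(find_items($db, $input)));
}
```

The word list rejects both legitimate names because they contain "SET", yet allows the value with a single quote, the character that would alter a query built by string concatenation. The prepared statement treats all three inputs as plain data.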