I am stuck with my problems on the strpos() function.
Code:
function sqlInject($phrase){
    $ban = array("1"=>"DELETE FROM","2"=>"INSERT INTO","3"=>"LOAD DATA","4"=>"TRUNCATE TABLE");
    $phrase = strtoupper($phrase);
    $countBan = count($ban);
    $numOfBans = 0;
    for($i=1;$i<=$countBan;$i++){
        $pos = strpos($phrase,$ban[$i]);
        if($pos === true){
            $numOfBans = 1;
        }
    }
    return $numOfBans;
}

I had tried validating this function by using a print line, but it kept showing 0 (numOfBans) when I had
entered one or more of the array contents.
Please help! Thanks a million!
If you do have any good ways to prevent sql injection, please do post too!
Thanks again!
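The strpos() check and the injection-prevention question above, as an added example that is not part of the original post: strpos() returns an integer offset or false (never true), and bound parameters keep user input out of the SQL text entirely. The function name containsBannedPhrase, the notes table and the sample input are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not the poster's code. Function, table and column names are hypothetical.

// strpos()/stripos() return the integer offset of the match, or false when
// there is none. They never return true, and a match at offset 0 is falsy,
// so the only reliable test for "found" is !== false.
function containsBannedPhrase(string $phrase, array $banned): bool
{
    foreach ($banned as $needle) {
        if (stripos($phrase, $needle) !== false) {   // case-insensitive search
            return true;
        }
    }
    return false;
}

$banned = ["DELETE FROM", "INSERT INTO", "LOAD DATA", "TRUNCATE TABLE"];

// The phrase sits at offset 0 here: strpos() yields an int, so "=== true" fails.
var_dump(strpos("DELETE FROM users", "DELETE FROM"));
var_dump(strpos("DELETE FROM users", "DELETE FROM") === true);
var_dump(containsBannedPhrase("delete from users", $banned));
var_dump(containsBannedPhrase("hello world", $banned));

// Prevention: bind user input as a parameter so the database treats it as
// data and never parses it as SQL. An in-memory SQLite database keeps this
// self-contained (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input: ordinary text that a phrase blacklist would
// reject, and that contains a quote character.
$input = "Reminder: don't DELETE FROM the archive table";

$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$insert->execute([':body' => $input]);

$select = $pdo->prepare('SELECT body FROM notes WHERE body = :body');
$select->execute([':body' => $input]);

// The text comes back byte-for-byte and the table holds exactly one row.
var_dump($select->fetchColumn() === $input);
var_dump((int) $pdo->query('SELECT COUNT(*) FROM notes')->fetchColumn());
```

With bound parameters the phrase list is no longer needed as a defence, which also removes its false positives on legitimate text such as the sample input.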