Another quick and dirty sanitisation:
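$var = $_GET["somevar"];
$i = 0;
// advance $i until the end of the string or the first ; or '
while ($i < strlen($var) && $var[$i] != ";" && $var[$i] != "'") $i++;
// keep only the part before that character
$var = substr($var, 0, $i);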
This will trim $var to the first instance of ; or ' appearing, or leave the string as-is if neither appears.
(note: this particular implementation from memory, & untested)
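
The same truncation written as a function, as an added example that is not part of the original post: it uses strcspn() to find the first ; or ' and also covers a missing or array-valued parameter, which the loop above does not. The function name truncate_at_stop() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the poster's code. truncate_at_stop() is a hypothetical name.
function truncate_at_stop($value, string $stops = ";'"): string
{
    // A request such as ?somevar[]=x makes PHP deliver an array, and a
    // missing key gives null; neither can be indexed as a string.
    if (!is_string($value)) {
        return "";
    }
    // strcspn() returns the length of the leading run of $value that
    // contains none of the characters in $stops.
    return (string) substr($value, 0, strcspn($value, $stops));
}

// Constructed sample inputs: strings with and without a stop character,
// plus the non-string shapes a query parameter can take.
$samples = [
    "plain",
    "abc;def",
    "o'brien",
    "';rest",
    "",
    ["nested"],
    null,
];

foreach ($samples as $input) {
    echo var_export($input, true), " => ",
         var_export(truncate_at_stop($input), true), "\n";
}

// Typical call site: the ?? avoids an undefined-index warning.
$var = truncate_at_stop($_GET["somevar"] ?? null);
```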