Thread: SQL Injection, what do you guys do, any experts avil?
View Single Post
Old 10-20-2008, 05:39 AM  
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,372
Code:
function sql_inj_str($str)
{
        if(get_magic_quotes_gpc())
        {
                $str=stripslashes($str);
        }
        return mysql_real_escape_string($str);
}
Code:
function sql_inj_num($str)
{
        $chars=preg_replace("[\D]","",$str);
        if(is_numeric($chars))
        {
                return $chars;
        }
        else
        {
                return false;
        }
}
Code:
$username=sql_inj_str($username);
$password=sql_inj_str($password);
Code:
$gallery=sql_inj_num($_GET[gallery]);
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote