Steven Osborn wrote:
Can someone please advise a faster solution to do what I'm doing below? All I need to be able to do is determine if any of the strings in the array are contained in $q. The method I have works, but I'm sure it's not the most efficient way to do it.

$dirtyWord = array("UNION","LOAD_FILE","LOAD DATA INFILE","LOAD FILE","BENCHMARK","INTO OUTFILE");
        foreach($dirtyWord as $injection)
        {

I don't see a way to avoid the foreach loop, but...

            if(stristr($q,$injection))

rather than stristr() it's faster (MARGINALLY!) to use stripos()
and test for a boolean false return value because you're not interested in
the returned string (so why make PHP bother with grabbing and returning it)

            {
                //Do Something to remove injection and log it

If you get here, I would suggest logging it and then stopping further processing
rather than trying to clean up the attempt to perform an SQL injection.

            }
        }

Thank you.
--Steven
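
The two suggestions in the reply above (stripos() tested strictly against false, then log and stop rather than clean up), put together as an added example that is not code from either poster. The function names findDirtyWord and rejectIfDirty and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Keyword list taken from the original post.
const DIRTY_WORDS = [
    'UNION', 'LOAD_FILE', 'LOAD DATA INFILE',
    'LOAD FILE', 'BENCHMARK', 'INTO OUTFILE',
];

// Return the first listed keyword found in $q, or null (hypothetical helper).
function findDirtyWord(string $q, array $words = DIRTY_WORDS): ?string
{
    foreach ($words as $word) {
        // stripos() returns the match offset, which is 0 when $q starts
        // with the keyword. Only a strict !== false test is correct;
        // a loose truthiness test would miss a match at offset 0.
        if (stripos($q, $word) !== false) {
            return $word;
        }
    }
    return null;
}

// Log and reject instead of stripping the keyword; the exception stops processing.
function rejectIfDirty(string $q): void
{
    $hit = findDirtyWord($q);
    if ($hit !== null) {
        // Replace control characters so the logged value cannot forge log lines.
        $safe = preg_replace('/[\x00-\x1F\x7F]/', '?', $q);
        error_log(sprintf('blocked input, keyword "%s": %s', $hit, $safe));
        throw new InvalidArgumentException('Input rejected');
    }
}

// Constructed sample inputs; the first one matches at offset 0.
$samples = ['UNION at offset 0', 'plain search text', 'text into OUTFILE text'];
foreach ($samples as $q) {
    try {
        rejectIfDirty($q);
        echo "accepted: $q\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $q\n";
    }
}
```

The first sample is the case where if (stripos($q, $word)) without the strict comparison would let the input through.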




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php