Steven Osborn wrote:
Can someone please advise a faster solution to do what I'm doing
below? All I need to be able to do is determine if any of the strings
in the array are contained in $q. The method I have works, but I'm sure
it's not the most efficient way to do it.
$dirtyWord = array("UNION", "LOAD_FILE", "LOAD DATA INFILE", "LOAD FILE", "BENCHMARK", "INTO OUTFILE");
foreach ($dirtyWord as $injection)
{
    if (stristr($q, $injection))
    {
        // Do something to remove injection and log it
    }
}
Thank you.
--Steven
Would a much safer and WAY faster method not simply be to use
mysql_escape_string()? What are you doing that allows users to give raw
SQL to the server that you need to deny certain things? It seems like
you're on very dangerous ground, letting users throw arbitrary SQL at
your script.
Regards, Adam Zey.
--
PHP General Mailing List (http://www.php.net/)
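
Added example, not part of either message above: it runs the keyword list from the question against ordinary text and then stores the same text through bound parameters, so the two approaches can be compared on identical input. It uses PDO prepared statements in place of mysql_escape_string(), which was removed in PHP 7.0; the function name, table, column and sample inputs are constructed for illustration, and PHP 7.1+ with the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the thread. All names and sample values are constructed.

// The keyword check from the question, wrapped in a (hypothetical) function.
// Returns the first keyword found in $q, or null when none matches.
function matchesDirtyWord(string $q): ?string
{
    $dirtyWord = array("UNION", "LOAD_FILE", "LOAD DATA INFILE", "LOAD FILE", "BENCHMARK", "INTO OUTFILE");
    foreach ($dirtyWord as $injection) {
        if (stripos($q, $injection) !== false) {
            return $injection;
        }
    }
    return null;
}

// Constructed user inputs: ordinary text that a substring filter cannot
// tell apart from SQL keywords, plus a value containing a quote character.
$inputs = array(
    "Teachers Credit Union",
    "CPU benchmark results",
    "O'Brien & Sons",
);

// In-memory SQLite keeps the example offline; a MySQL DSN and credentials
// would replace this line in a real deployment.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT NOT NULL)');

// The SQL text is fixed here; user input is only ever supplied as a bound value.
$insert = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$select = $db->prepare('SELECT COUNT(*) FROM notes WHERE body = :body');

foreach ($inputs as $q) {
    $hit = matchesDirtyWord($q);

    // The bound value is passed separately from the statement, so quotes and
    // keywords inside it are stored as data and never parsed as SQL.
    $insert->execute(array(':body' => $q));
    $select->execute(array(':body' => $q));
    $stored = (int) $select->fetchColumn();

    printf("%-24s filter: %-10s stored intact: %s\n",
        $q, $hit ?? 'no match', $stored === 1 ? 'yes' : 'no');
}
```

The first two inputs are flagged by the keyword list even though they are plain text, while all three are stored unchanged through the prepared statement.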