Re: str_replace on words with an array

On 30/10/06, Paul Novitski <paul@xxxxxxxxxxxxxxxxxxx> wrote:
Hi Dotan,

To get help with your problem, share more of your PHP code with the
list so we can look at what you're doing.

Also, give us a link to the PHP script on your server so we can see the output.

Regards,
Paul


Nothing else is relevant, but $searchQuery will get passed to the
database, so it should be protected from SQL injection. That's why I
want to remove characters such as quotes, dashes, and the equals sign.

I set up a test page:
http://what-is-what.com/test.php

with this code:
<html><body>

<?php

// FOIL SQL INJECTION AND REMOVE NOISE

$noiseArray = array("[:alnum:]", "[:punct:]", "|", "\\", "<", ">",
"#", "@",  "\$", "%", "^", "&", "*", "(", ")", "-", "_", "+", "=",
"[", "]", "{", "}", "about", "after", "all", "also", "an", "and",
"another", "any", "are", "as", "at", "be", "because", "been",
"before", "being", "between", "both", "but", "by", "came", "can",
"come", "could", "did", "do", "does", "each", "else", "for", "from",
"get", "got", "has", "had", "he", "have", "her", "here", "him",
"himself", "his", "how", "if", "in", "into", "is", "it", "its",
"just", "like", "make", "many", "me", "might", "more", "most", "much",
"must", "my", "never", "now", "of", "on", "only", "or", "other",
"our", "out", "over", "re", "said", "same", "see", "should", "since",
"so", "some", "still", "such", "take", "than", "that", "the", "their",
"them", "then", "there", "these", "they", "this", "those", "through",
"to", "too", "under", "up", "use", "very", "want", "was", "way", "we",
"well", "were", "what", "when", "where", "which", "while", "who",
"will", "with", "would", "you", "your");

$searchQuery=preg_replace( "/^".$noiseArray."$/", " ", $_POST["query"]);
$searchQuery=trim($searchQuery);

print "<p>$searchQuery</p>";

?>

<form action="/test.php" method="post">
  <input type="text" name="query" />
  <input type="submit" />
</form>

</body></html>



Dotan Cohen

http://song-lirics.com
http://what-is-what.com/what_is/distribution.html
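The two things the post is trying to do, as an added example that is not Dotan's code: remove the noise words as whole words with preg_replace (the concatenated-array pattern in the original never matches anything), and hand $searchQuery to the database as a bound parameter so the quotes, dashes and equals signs no longer need stripping at all. The DSN, credentials and the songs/title table are assumed placeholders.

```php
<?php
// Added example, not from the original post. Shortened noise-word list;
// the full list from the post can be dropped in unchanged.
$noiseWords = array("about", "after", "all", "also", "an", "and", "the",
    "this", "to", "with");

function cleanQuery($raw, array $noiseWords) {
    // Build one alternation of escaped words, anchored with \b so that
    // "the" is removed as a word but "theory" is left alone. /i for case,
    // /u so \b and \s work on UTF-8 input.
    $pattern = '/\b(?:' . implode('|', array_map('preg_quote', $noiseWords)) . ')\b/iu';
    $q = preg_replace($pattern, ' ', $raw);
    // Collapse the whitespace runs the removals leave behind, then trim.
    return trim(preg_replace('/\s+/u', ' ', $q));
}

$searchQuery = cleanQuery(isset($_POST['query']) ? $_POST['query'] : '', $noiseWords);

// Bound parameter: whatever characters survive in $searchQuery are sent to
// the server as data, so they cannot change the shape of the SQL statement.
// Emulated prepares are turned off so the server, not the driver, binds.
$pdo = new PDO('mysql:host=localhost;dbname=example', 'dbuser', 'dbpass',  // assumed
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_EMULATE_PREPARES => false));
$stmt = $pdo->prepare('SELECT title FROM songs WHERE title LIKE ?');  // assumed schema
$stmt->execute(array('%' . $searchQuery . '%'));

// Escape on output as well, so the echoed query cannot inject HTML.
echo '<p>Searched for: ' . htmlspecialchars($searchQuery, ENT_QUOTES, 'UTF-8') . '</p>';
foreach ($stmt as $row) {
    echo '<p>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</p>';
}
```

Note that `%` and `_` in the user's text still act as LIKE wildcards inside the bound value; that affects which rows match, not the statement itself, and is escaped separately if it matters.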

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

