On 30/10/06, Paul Novitski <paul@xxxxxxxxxxxxxxxxxxx> wrote:
Hi Dotan,
To get help with your problem, share more of your PHP code with the
list so we can look at what you're doing.
Also, give us a link to the PHP script on your server so we can
see the output.
Regards,
Paul
Nothing else is relevant, but $searchQuery will get passed to the
database, so it should be protected from SQL injection. That's why I
want to remove characters such as quotes, dashes, and the equals sign.
I set up a test page:
http://what-is-what.com/test.php
with this code:
<html><body>
<?php
// FOIL SQL INJECTION AND REMOVE NOISE
$noiseArray = array("[:alnum:]", "[:punct:]", "|", "\\", "<", ">",
"#", "@", "\$", "%", "^", "&", "*", "(", ")", "-", "_", "+", "=",
"[", "]", "{", "}", "about", "after", "all", "also", "an", "and",
"another", "any", "are", "as", "at", "be", "because", "been",
"before", "being", "between", "both", "but", "by", "came", "can",
"come", "could", "did", "do", "does", "each", "else", "for", "from",
"get", "got", "has", "had", "he", "have", "her", "here", "him",
"himself", "his", "how", "if", "in", "into", "is", "it", "its",
"just", "like", "make", "many", "me", "might", "more", "most", "much",
"must", "my", "never", "now", "of", "on", "only", "or", "other",
"our", "out", "over", "re", "said", "same", "see", "should", "since",
"so", "some", "still", "such", "take", "than", "that", "the", "their",
"them", "then", "there", "these", "they", "this", "those", "through",
"to", "too", "under", "up", "use", "very", "want", "was", "way", "we",
"well", "were", "what", "when", "where", "which", "while", "who",
"will", "with", "would", "you", "your");
// Build one pattern per noise entry. Concatenating $noiseArray into a
// string yields the literal word "Array", so "/^Array$/" never matched
// anything. preg_quote() escapes regex metacharacters; pure words get
// \b anchors so that "an" does not also eat the inside of "another".
$patterns = array();
foreach ($noiseArray as $noise) {
    $quoted = preg_quote($noise, "/");
    $patterns[] = ctype_alpha($noise) ? '/\b' . $quoted . '\b/i' : '/' . $quoted . '/';
}
$query = isset($_POST["query"]) ? $_POST["query"] : "";
$searchQuery = preg_replace($patterns, " ", $query);
$searchQuery = trim($searchQuery);
// Escape on output so the echoed value cannot inject markup into the page.
print "<p>" . htmlspecialchars($searchQuery) . "</p>";
?>
<form action="/test.php" method="post">
<input type="text" name="query" />
<input type="submit" />
</form>
</body></html>
Dotan Cohen
http://song-lirics.com
http://what-is-what.com/what_is/distribution.html
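The script above tries to stop SQL injection by deleting quotes, dashes and the equals sign before the value reaches the database. The example below is an added illustration, not code from the original post: it keeps the stop-word removal as a relevance step and hands the search terms to the database through bound parameters, so characters in the input are data rather than SQL syntax and do not need to be stripped. The `songs` table, its `title` column, the sample rows and the three constructed inputs are assumptions made for the demo; it runs against an in-memory SQLite database via PDO so it needs no server.

```php
<?php
// Added example, not from the original post. Table/column names (songs,
// title), the sample rows and the test inputs are constructed for the demo.

// A short stop-word list. Stop-word removal is a relevance concern, not a
// security control, so it only ever drops whole words, never characters.
$noiseWords = array("the", "a", "an", "and", "of", "or", "to");

// Split the raw query on whitespace and return the words that are not noise.
function stripNoise($query, array $noiseWords)
{
    $words = preg_split('/\s+/', trim($query), -1, PREG_SPLIT_NO_EMPTY);
    $kept = array();
    foreach ($words as $word) {
        if (!in_array(strtolower($word), $noiseWords, true)) {
            $kept[] = $word;
        }
    }
    return $kept;
}

// Every keyword becomes one "title LIKE ?" clause. Only the number of
// placeholders varies; the values travel separately from the SQL text, so
// quotes, dashes or "1=1" in a keyword cannot alter the statement.
function searchTitles(PDO $db, array $keywords)
{
    if (!$keywords) {
        return array();
    }
    $clauses = array();
    $params  = array();
    foreach ($keywords as $kw) {
        $clauses[] = "title LIKE ? ESCAPE '\\'";
        // Escape LIKE wildcards so user input cannot widen the match.
        $params[]  = '%' . addcslashes($kw, '%_\\') . '%';
    }
    $sql  = "SELECT title FROM songs WHERE " . implode(' AND ', $clauses);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed fixture: an in-memory database with three titles.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT)");
$insert = $db->prepare("INSERT INTO songs (title) VALUES (:title)");
foreach (array("Don't Stop Me Now", "The Sound of Silence", "Rock 'n' Roll") as $t) {
    $insert->execute(array(':title' => $t));
}

// Constructed inputs: a phrase full of stop words, one with an apostrophe,
// and the tautology that would break a string-concatenated query.
$inputs = array("the sound of silence", "don't", "' OR 1=1 --");
foreach ($inputs as $raw) {
    $titles = searchTitles($db, stripNoise($raw, $noiseWords));
    printf("%-22s -> %s\n", var_export($raw, true),
        $titles ? implode(' | ', $titles) : '(no rows)');
}
```

Run it with `php search_demo.php`: the first input finds "The Sound of Silence" because only the stop words were dropped, the apostrophe in the second is matched literally, and the third returns no rows instead of every row, since `' OR 1=1 --` is just four keywords that no title contains.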
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php