Hi Daniel,

Please keep these things out of the list. I'm sure that you want to have programming related stuff going on this list instead of discussions about telling someone lessons in life.

We all do want the same, we want to have php related questions and discussions (also some funny and humor discussions are welcome to keep up the community) in this list as long as everything is not being drifted into p0l1t1cs.... (this is the php-list-un-mentionable-word).

Kind Regards,
Nitsan

By the way, don't waste your time on people like that; there are a lot of show-offs who like to talk.. filter them out and move on. I'd be glad if you added me on Messenger (the Messenger address is the same as the email I'm sending from now). It's good to know quality people (:
Shabbat shalom, my dear friend!

On Sat, Mar 21, 2009 at 12:27 AM, דניאל דנון <danondaniel@xxxxxxxxx> wrote:
> I'm a member of some forums about some topics,
> One of them includes a programming forum.
>
> Now, I've visited there a week ago and saw a topic with the title "Free security",
> Someone who calls himself a PHP expert (and said that he could teach me PHP
> since my level is so low), and pretends to have so many clients,
> Posted the following code.
>
> The code is written badly, and in his words - "its the best security,
> without this you aren't secured".
> Now, I am looking for a way to explain to him he is no PHP Professional, but
> I can't find the right sentence. Will you help me?
> And here is the code of the so-called "PHP Professional" who has "very large
> amount of big clients" and "can teach me PHP".
> Help me find something to say to him - I am not so good at that kind of stuff
>
> Kind regards,
> Daniel
>
>
> *<?
> #######################################
> ## aNtisQL by Moriel Pahima.
> #######################################
> $getadd=strtolower($_SERVER[REQUEST_URI]);
> $adr1 = $getadd;
> $adr2x = explode("?",$adr1);
> $adr = $adr1;
> foreach( $_POST as $post => $value )
>     $postcc.="$post => $value\n";
> foreach ( $_COOKIE as $cook => $value )
>     $cookiecc.="$cook => $value\n";
> foreach ( $_GET as $get => $value )
>     $getcc.="$get => $value\n";
> #######################################
> check($adr1);
> check($postcc);
> check($getcc);
> check($cookiecc);
> function check($antisql){
>     if (
>         eregi("union",$antisql)&&eregi("from",$antisql)
>         Or
>         eregi("ibf_",$antisql)&&eregi("select",$antisql)
>         Or
>         eregi("insert",$antisql)&&eregi("order",$antisql)
>         Or
>         eregi("update",$antisql)&&eregi("where",$antisql)
>         Or
>         eregi("`",$antisql)&&eregi("truncate",$antisql)
>         Or
>         eregi("null",$antisql)&&eregi("alter",$antisql)
>     ){
>         errorview();
>     }
>     if (
>         eregi(h3x("union"),$antisql)&&eregi(h3x("from"),$antisql)
>         Or
>         eregi(h3x("ibf_"),$antisql)&&eregi(h3x("select"),$antisql)
>         Or
>         eregi(h3x("insert"),$antisql)&&eregi(h3x("order"),$antisql)
>         Or
>         eregi(h3x("update"),$antisql)&&eregi(h3x("where"),$antisql)
>         Or
>         eregi(h3x("`"),$antisql)&&eregi(h3x("truncate"),$antisql)
>         Or
>         eregi(h3x("null"),$antisql)&&eregi(h3x("alter"),$antisql)
>     ){
>         errorview();
>     }
>     if (
>         eregi(h3x("UNION"),$antisql)&&eregi(h3x("FROM"),$antisql)
>         Or
>         eregi(h3x("IBF_"),$antisql)&&eregi(h3x("SELECT"),$antisql)
>         Or
>         eregi(h3x("INSERT"),$antisql)&&eregi(h3x("ORDER"),$antisql)
>         Or
>         eregi(h3x("UPDATE"),$antisql)&&eregi(h3x("WHERE"),$antisql)
>         Or
>         eregi(h3x("`"),$antisql)&&eregi(h3x("TRUNCATE"),$antisql)
>         Or
>         eregi(h3x("NULL"),$antisql)&&eregi(h3x("ALTER"),$antisql)
>     ){
>         errorview();
>     }
> }
> #######################################
> ## All Rights Reserved!
> #######################################
> function errorview(){
> echo <<<antisql
> <center>
> aNtisQL ANTI SQL-INJECTION SYSTEM <br />
> by <a href="mailto:hidden-since-i-dont-want-to-show-it-on-php-mailinglist">Moriel Pahima</a>
> </center>
> antisql;
>     die();
> }
> #######################################
> function h3x($envar){
>     $hax3d = bin2hex($envar);
>     $hax3d = chunk_split($hax3d , 2, "%");
>     $hax3d = "%" . substr($hax3d , 0, strlen($hax3d ) - 1);
>     return $hax3d;
> }
> ?>*
>
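The quoted check() rejects a request when certain pairs of words appear anywhere in it, which says nothing about whether a value can change a query. The following is an added example, not code from this thread or from either poster: it ports the first block of keyword pairs to stripos() (eregi() was removed in PHP 7) and runs constructed, harmless comments through it next to a PDO prepared statement. The blacklisted() helper, the in-memory SQLite table (needs pdo_sqlite) and the sample comments are assumptions made for the illustration.

```php
<?php
// Added example, not from the thread. Ports the quoted check() keyword pairs
// to stripos(); the table and the inputs below are constructed for illustration.
declare(strict_types=1);

const PAIRS = [
    ['union', 'from'], ['ibf_', 'select'], ['insert', 'order'],
    ['update', 'where'], ['`', 'truncate'], ['null', 'alter'],
];

// True when the quoted filter's first block would have called errorview().
function blacklisted(string $input): bool
{
    foreach (PAIRS as [$a, $b]) {
        if (stripos($input, $a) !== false && stripos($input, $b) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed, harmless form submissions.
$comments = [
    "Please update me on where the meetup is.",
    "Greetings from the student union!",
    "Insert the disc in order to install.",
    "It's O'Reilly's book.",
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// The value is bound as data, so its content never becomes SQL syntax.
$insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');

foreach ($comments as $body) {
    $insert->execute([':body' => $body]);
    printf("%-42s filter: %s\n", $body, blacklisted($body) ? 'BLOCKED' : 'passed');
}

// Compare what was stored with what was submitted, quotes included.
$stored = $pdo->query('SELECT body FROM comments ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $comments);
```

The first three comments trip the keyword pairs although they are ordinary sentences, while the prepared statement stores all four unchanged.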