This is why I am pushing for legislation to make this a licensed profession. -----Original Message----- From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, March 20, 2009 9:18 PM To: Shawn McKenzie Cc: php-general@xxxxxxxxxxxxx Subject: Re: Re: So called "PHP Expert" On Fri, 2009-03-20 at 18:57 -0500, Shawn McKenzie wrote: <דניאל דנון wrote: > > I'm a member of some forums about some topics, > > One of them include a programming forum. > > > > Now, I've visited there a week ago and saw a topic with the title "Free > > security", > > Someone who calls himself a PHP expert (and said that he could teach me PHP > > since my level is so low), and pretends to have so many clients, > > Posted the following code. > > > > The code is written badly, and in his words - "its the best security, > > without this you aren't secured". > > Now, I am looking for a way to explain to him he is no PHP Professional, but > > I can't find the right sentence. Will you help me? > > And here is the code of the so-called "PHP Professional" who has "very large > > amount of big clients" and "can teach me PHP". > > Help me find something to say to him - I am not so good at that kind of > > stuff > > > > Kind regards, > > Daniel > > > > > > *<? > > ####################################### > > ## aNtisQL by Moriel Pahima. > > ####################################### > > $getadd=strtolower($_SERVER[REQUEST_URI]); > > $adr1 = $getadd; > > $adr2x = explode("?",$adr1); > > $adr = $adr1; > > foreach( $_POST as $post => $value ) > > $postcc.="$post => $value\n"; > > foreach ( $_COOKIE as $cook => $value ) > > $cookiecc.="$cook => $value\n"; > > foreach ( $_GET as $get => $value ) > > $getcc.="$get => $value\n"; > > ####################################### > > check($adr1); > > check($postcc); > > check($getcc); > > check($cookiecc); > > function check($antisql){ > > if ( > > eregi("union",$antisql)&&eregi("from",$antisql) > > Or > > eregi("ibf_",$antisql)&&eregi("select",$antisql) > > Or > > eregi("insert",$antisql)&&eregi("order",$antisql) > > Or > > eregi("update",$antisql)&&eregi("where",$antisql) > > Or > > eregi("`",$antisql)&&eregi("truncate",$antisql) > > Or > > eregi("null",$antisql)&&eregi("alter",$antisql) > > ){ > > errorview(); > > } > > if ( > > eregi(h3x("union"),$antisql)&&eregi(h3x("from"),$antisql) > > Or > > eregi(h3x("ibf_"),$antisql)&&eregi(h3x("select"),$antisql) > > Or > > eregi(h3x("insert"),$antisql)&&eregi(h3x("order"),$antisql) > > Or > > eregi(h3x("update"),$antisql)&&eregi(h3x("where"),$antisql) > > Or > > eregi(h3x("`"),$antisql)&&eregi(h3x("truncate"),$antisql) > > Or > > eregi(h3x("null"),$antisql)&&eregi(h3x("alter"),$antisql) > > ){ > > errorview(); > > } > > if ( > > eregi(h3x("UNION"),$antisql)&&eregi(h3x("FROM"),$antisql) > > Or > > eregi(h3x("IBF_"),$antisql)&&eregi(h3x("SELECT"),$antisql) > > Or > > eregi(h3x("INSERT"),$antisql)&&eregi(h3x("ORDER"),$antisql) > > Or > > eregi(h3x("UPDATE"),$antisql)&&eregi(h3x("WHERE"),$antisql) > > Or > > eregi(h3x("`"),$antisql)&&eregi(h3x("TRUNCATE"),$antisql) > > Or > > eregi(h3x("NULL"),$antisql)&&eregi(h3x("ALTER"),$antisql) > > ){ > > errorview(); > > } > > } > > ####################################### > > ## All Rights Reserved! > > ####################################### > > function errorview(){ > > echo <<<antisql > > <center> > > aNtisQL ANTI SQL-INJECTION SYSTEM <br /> > > by <a href="mailto: > > hidden-since-i-dont-want-to-show-it-on-php-mailinglist > > ">Moriel Pahima</a> > > </center> > > antisql; > > die(); > > } > > ####################################### > > function h3x($envar){ > > $hax3d = bin2hex($envar); > > $hax3d = chunk_split($hax3d , 2, "%"); > > $hax3d = "%" . substr($hax3d , 0, strlen($hax3d ) - 1); > > return $hax3d; > > } > > ?>* > > > > Tell him that the PHP experts and me (PHP hobbyist) on this list won't > even pick through his code because it is a garbled mass of shit! > > Maybe someone else will disagree and say that its a masterpiece, then > I'll bow out gracefully. > > -- > Thanks! > -Shawn > http://www.spidean.com > Nah, the GMS managed to pretty much cover it! Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __________ Information from ESET Smart Security, version of virus signature database 3952 (20090320) __________ The message was checked by ESET Smart Security. http://www.eset.com __________ Information from ESET Smart Security, version of virus signature database 3952 (20090320) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php