SQL Injection - Solution

Hi folks,
Does anyone know how I can improve this function to protect my environment
vars against SQL injection attacks?

This is the function I use to do this, but some people think it is not enough:

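/**
 * Removes a fixed list of SQL keywords and symbols from every value of an
 * array (recursing into nested arrays), then trims, strips tags and adds slashes.
 *
 * @uses $_REQUEST = _antiSqlInjection($_REQUEST);
 * @uses $_POST = _antiSqlInjection($_POST);
 * @uses $_GET = _antiSqlInjection($_GET);
 *
 * @author Igor Escobar
 * @email blog [at] igorescobar [dot] com
 *
 */

function _antiSqlInjection($Target){
	// Keywords and symbols that are deleted from each value
	$sanitizeRules = array('OR','FROM','SELECT','INSERT','DELETE','WHERE','DROP TABLE','SHOW TABLES','*','--','=');
	// Initialised so that an empty input array returns an empty array
	$arraSanitized = array();
	foreach($Target as $key => $value):
		if(is_array($value)):
			// Nested array: sanitize its values recursively
			$arraSanitized[$key] = _antiSqlInjection($value);
		else:
			$arraSanitized[$key] = addslashes(strip_tags(trim(str_replace($sanitizeRules,"",$value))));
		endif;
	endforeach;
	return $arraSanitized;
}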

Can you help me to improve it?


Regards,
Igor Escobar
Systems Analyst & Interface Designer

--

Personal Blog
~ blog.igorescobar.com
Online Portfolio
~ www.igorescobar.com
Twitter
~ @igorescobar
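
An added example, not part of the original post: it runs the post's keyword-stripping step next to PDO prepared statements with bound parameters, so the effect on ordinary input can be compared with values that are passed to the database separately from the SQL text. The `stripKeywords` helper, the `comments` table, its columns and the sample values are constructed for illustration, and the in-memory SQLite database assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example: bound parameters compared with keyword stripping.
// Table, columns, helper name and sample values are constructed for illustration.

// The sanitizing expression from the post, applied to a single string.
function stripKeywords(string $value): string {
    $rules = array('OR','FROM','SELECT','INSERT','DELETE','WHERE',
                   'DROP TABLE','SHOW TABLES','*','--','=');
    return addslashes(strip_tags(trim(str_replace($rules, '', $value))));
}

// In-memory database so the example runs offline (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed, legitimate input that happens to contain filtered tokens.
$samples = array(
    array('author' => "O'CONNOR", 'body' => 'FLIGHT FROM ORLANDO -- 2 * 3 = 6'),
    array('author' => 'VICTOR',   'body' => 'SELECT the best option'),
);

// The SQL text is fixed; values are bound and never become part of the statement.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($samples as $row) {
    $insert->execute(array(':author' => $row['author'], ':body' => $row['body']));
}

$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
foreach ($samples as $row) {
    $select->execute(array(':author' => $row['author']));
    $stored = $select->fetch(PDO::FETCH_ASSOC);

    // What the keyword filter would have stored for the same input.
    printf("filtered: %s | %s\n", stripKeywords($row['author']), stripKeywords($row['body']));
    // What the database holds when the value is bound.
    printf("bound   : %s | %s\n", $stored['author'], $stored['body']);
    // The bound value round-trips unchanged, quote and keywords included.
    var_dump($stored['author'] === $row['author'] && $stored['body'] === $row['body']);
}

// The table still has exactly one row per sample.
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " rows\n";
```

The filtered lines show names and sentences losing characters, while the bound rows come back identical to the input. HTML escaping remains a separate step applied when a value is written into a page.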
