Looking for a PHP function to prevent sql injections

G

greybachelor

New member
Is there a built in PHP function which can be applied on a input taken from a form to make the input less risky for the database. Recently one of the website i manage was hit really bad by hackers and they try to insert malicious codes and scripts. Fortunate enough for me i caught it early and i think i have avoided the damage this time but i cannot keep on checking all the time so i am looking for a read made PHP function or a group of functions which can detect and remove certain strings which should not be going to my database and thus avoiding mysql injections
 
I do not know if you have solved your problem or not yet but here is a function that I use to remove bad things from user inputs. All you do is put this at the begginning of your file and instead of $_POST['example'] you put $scrubbed['example']

PHP: 
[CODE]
function spam_scrubber($value) {
			
			// List of very bad characters.
			$very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:');
			
			// If any of the very bad strings are in the submitted value, return an empty string:
			foreach ($very_bad as $v) {
				if (stripos($value, $v) !== false) return '';
			}
			
			// Replace any newline characters with spaces:
			$value = str_replace(array( "\r", "\n", "%oa", "%od"), '  ', $value);
			
			// Return the value:
			return trim($value);
			
		} // End of Spam Scrubber Function
		
		// Clean the form data:
		$scrubbed = array_map('spam_scrubber', $_POST);
[/CODE]
 
You must log in or register to reply here.
Back
Top