Security Basics mailing list archives

Re: PHP filter function against SQL injections
From: "Koen Bossaert" <koen.bossaert () gmail com>
Date: Thu, 8 Feb 2007 10:55:53 +0100

You probably also don't want * and %.
You can also make use of prepared statements or stored procedures
against SQL Injection.


On 2/7/07, Kellox <kellox () mymail ch> wrote:
hi everyone!

I was just wondering if this filter function written in PHP is safe against
SQL injections:

function filter($string) {
  $replace = "";
  // characters removed from the input before escaping
  $search = array(">", "<", "|", ";");
  // mysql_escape_string() escapes quotes, backslashes and NUL bytes for MySQL
  $result = mysql_escape_string( str_replace($search, $replace, $string));
  return $result;
}

or could anyone imagine an SQL injection attack which bypasses this filter?
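As an added example (not code from the thread), this is the prepared-statement approach the reply points to, written with PDO; the `users` table, DSN and credentials are assumed placeholders.

```php
<?php
// Added example, not from the original thread. Assumes a MySQL table
// users(id, username, password_hash) and placeholder connection details.

// Exact match: the value is bound as a parameter and never spliced into the
// SQL text, so no character stripping or manual escaping of $username is needed.
function findUser(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Prefix search: binding protects the query structure, but % and _ keep their
// LIKE wildcard meaning inside the bound value (the point about % in the reply).
// They are escaped with a backslash, which is MySQL's default LIKE escape char.
function searchUsers(PDO $db, string $prefix): array {
    $escaped = addcslashes($prefix, '%_\\');
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username LIKE :p');
    $stmt->execute([':p' => $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4', // placeholder DSN
    'app_user',                                          // placeholder user
    'app_password',                                      // placeholder password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

var_dump(findUser($db, $_GET['user'] ?? ''));
var_dump(searchUsers($db, $_GET['q'] ?? ''));
```

With `ATTR_EMULATE_PREPARES` off, the SQL text and the parameter values travel to the server separately, so user input cannot change the statement that was prepared.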
