Ciao a tutti, per prevenire eventuali attacchi di SQL injection potrebbe essere utile questo codice?
Codice PHP:
<?php
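// Collect the metadata of the current request (the URL that triggered the
// check, the client address and the optional headers).
//
// Everything is read from $_SERVER: the register_globals variables
// ($HTTP_HOST, $REQUEST_URI) and the never-assigned $user_agent used before
// are undefined on a default configuration. Optional entries fall back to an
// empty string because HTTP_REFERER and HTTP_USER_AGENT are frequently absent.
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$where = "http://$host$uri";
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$http_referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

// Host, URI, query string, referer and user agent are all supplied by the
// client, so they are HTML-escaped before being written into the page.
// Echoing them raw would let the request inject markup into the response.
$escape_flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
$report = array();
foreach (array($where, $ip, $query_string, $http_referrer, $user_agent) as $value) {
    $report[] = htmlspecialchars($value, $escape_flags, 'UTF-8');
}
echo implode("\n", $report);

// Keyword check on the raw query string, in the same order as before.
//
// NOTE(security): this is a narrow heuristic, not SQL injection protection.
// It only looks at the GET query string (not POST bodies, cookies or headers)
// and only at four fixed spellings per keyword. Every query that uses request
// data must still go through prepared statements with bound parameters
// (PDO or mysqli); treat a hit here as a detection signal only.
$sql_keywords = array('union', 'select', 'delete', 'drop', 'insert');
foreach ($sql_keywords as $keyword) {
    $needles = array("+$keyword+", "%20$keyword%20", "*/$keyword/*", " $keyword ");
    foreach ($needles as $needle) {
        // stristr() returns false when there is no match; compare explicitly
        // instead of relying on the truthiness of the returned substring.
        if (stristr($query_string, $needle) !== false) {
            // Keep a server-side trace so the hit can be investigated later.
            // Only the keyword and the server-provided address are logged,
            // never the raw client-controlled strings.
            error_log('SQL keyword ' . strtoupper($keyword) . ' found in query string, client ' . $ip);

            // Message kept as in the original page. It tells the client which
            // keyword matched; consider a generic error page instead.
            echo "Hai utilizzato il comando sql " . strtoupper($keyword);
            exit();
        }
    }
}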
?>
grazie ciao