Security Basics mailing list archives
PHP filter function against SQL injections
From: "Kellox" <kellox () mymail ch>
Date: Wed, 7 Feb 2007 17:54:52 +0100
hi everyone! i was just wondering if this filter function written in php is safe against sql injections: function filter($string) { $replace = ""; $search = array(">", "<", "|", ";"); $result = mysql_escape_string( str_replace($search, $replace, $string)); return $result; } or could anyone imagine an sql injection attack which bypasses this filter function? ___________________________________________________________________________ mymail - der unschlagbare und kostenlose E-Mail-Dienst der Schweiz! http://mymail.ch/?redirect=9999 Kaspersky Anti Virus 6.0 - So schützen Sie Ihren PC zuverlässig! http://ad.zanox.com/ppc/?4997698C625979254T
Current thread:
- PHP filter function against SQL injections Kellox (Feb 07)
- Re: PHP filter function against SQL injections jeffrey rivero (Feb 07)
- Re: PHP filter function against SQL injections jeff (Feb 07)
- Re: PHP filter function against SQL injections Koen Bossaert (Feb 08)
- Re: PHP filter function against SQL injections Kellox (Feb 08)
- Re: PHP filter function against SQL injections jeffrey rivero (Feb 08)
- Re: PHP filter function against SQL injections Terra Frost (Feb 09)
- Message not available
- Re: PHP filter function against SQL injections Terra Frost (Feb 12)
- Re: PHP filter function against SQL injections Kellox (Feb 08)
- Re: PHP filter function against SQL injections Kellox (Feb 09)
- Re: PHP filter function against SQL injections jeffrey rivero (Feb 09)
- Re: PHP filter function against SQL injections Nic Stevens (Feb 12)