Security Basics mailing list archives

Re: PHP filter function against SQL injections


From: "Koen Bossaert" <koen.bossaert () gmail com>
Date: Thu, 8 Feb 2007 10:55:53 +0100

You probably also don't want * and %.
You can also make use of prepared statements or stored procedures
against SQL Injection.

Regards,
Koen

On 2/7/07, Kellox <kellox () mymail ch> wrote:
Hi everyone!

I was just wondering if this filter function written in PHP is safe against
SQL injections:

// Removes a handful of characters outright, then escapes quotes and
// backslashes with mysql_escape_string() (deprecated since PHP 4.3 in favour
// of mysql_real_escape_string(), which honours the connection character set).
function filter($string) {
  $replace = "";
  $search = array(">", "<", "|", ";");   // characters stripped from the input
  $result = mysql_escape_string(str_replace($search, $replace, $string));
  return $result;
}

Or could anyone imagine an SQL injection attack which bypasses this filter
function?
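The prepared-statement approach Koen recommends, as an added example written for this archive page (it is not code from either poster). It uses PDO with an in-memory SQLite database so it runs offline; the `users` table, its columns and the seeded rows are constructed for the example. With a `mysql:` DSN the same prepare/bind calls apply. It also covers Koen's remark about `%`: binding keeps a value from becoming SQL, but it does not stop `%` and `_` from acting as wildcards inside a LIKE pattern, so those are escaped separately before binding.

```php
<?php
// Added example, not from the thread. In-memory SQLite keeps it self-contained;
// for MySQL use 'mysql:host=...;dbname=...' as the DSN and also set
// PDO::ATTR_EMULATE_PREPARES to false so the server, not the client library,
// performs the parameter binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and sample data (assumptions, not from the thread).
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)");
$seed = $db->prepare("INSERT INTO users (username, role) VALUES (?, ?)");
foreach ([['alice', 'admin'], ["o'brien", 'user'], ['a_b', 'user']] as $row) {
    $seed->execute($row);
}

// Exact lookup. The username travels as a bound parameter, so quotes,
// semicolons and comment markers inside it are data, never part of the SQL.
// No filter() or escaping step is needed for that.
function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare("SELECT id, username, role FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// LIKE wildcards survive binding: '%' and '_' still act as wildcards inside
// the pattern. Escape them (and the escape character itself) before binding
// and declare the escape character in the query. '!' is used rather than a
// backslash so the literal reads the same on SQLite and MySQL.
function escapeLike(string $value, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

function findUsersByPrefix(PDO $db, string $prefix): array
{
    $stmt = $db->prepare(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '!' ORDER BY username"
    );
    $stmt->execute([escapeLike($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request inputs.
var_dump(findUser($db, "o'brien"));          // the o'brien row: the quote is plain data
var_dump(findUser($db, "nobody"));           // NULL: no such user
var_dump(findUsersByPrefix($db, "a_"));      // ['a_b'] only: '_' is literal, 'alice' not matched
var_dump(findUsersByPrefix($db, "%"));       // []: '%' is literal, not "everything"
var_dump(findUsersByPrefix($db, "a"));       // ['a_b', 'alice']
```

Run it with `php example.php` (needs the pdo_sqlite extension, which ships with PHP). The design point relative to the filter in the question: an escaping filter only protects values that end up inside quoted string literals, and `mysql_escape_string()` escapes without knowing the connection character set, which is why `mysql_real_escape_string()` replaced it. Bound parameters sidestep both issues because the query text is fixed before any user data reaches the server; the only context they do not cover on their own is the LIKE pattern, handled above by `escapeLike()`.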