Network Security: Detailed info on PHP filter function against SQL injections

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

PHP filter function against SQL injections

from [Kellox] Network Security

[Permanent Link]

Subject:	PHP filter function against SQL injections
Date:	Wed, 7 Feb 2007 17:54:52 +0100

hi everyone!

i was just wondering if this filter function written in php is safe against
sql injections:

function filter($string) {
  $replace = "";
  $search = array(">", "<", "|", ";");
  $result = mysql_escape_string( str_replace($search, $replace, $string));
  return $result;
}

or could anyone imagine an sql injection attack which bypasses this filter
function?
___________________________________________________________________________
mymail - der unschlagbare und kostenlose E-Mail-Dienst der Schweiz!
http://mymail.ch/?redirect=9999
Kaspersky Anti Virus 6.0 - So schützen Sie Ihren PC zuverlässig!
http://ad.zanox.com/ppc/?4997698C625979254T

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PHP filter function against SQL injections, Kellox <= Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, jeff Re: PHP filter function against SQL injections, Koen Bossaert Re: PHP filter function against SQL injections, Kellox Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, Terra Frost Message not available Re: PHP filter function against SQL injections, Terra Frost Re: PHP filter function against SQL injections, Kellox Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, Nic Stevens

Previous by Date:	Re: Arp spoffing question, Dathan Bennett
Next by Date:	Re: strange e-mail message, gjgowey
Previous by Thread:	Arp spoffing question, Juan B
Next by Thread:	Re: PHP filter function against SQL injections, jeffrey rivero
Indexes:	[Date] [Thread] [Top] [All Lists]