Network Security: Detailed info on Re: PHP filter function against SQL injections

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: PHP filter function against SQL injections

from [Koen Bossaert] Network Security

[Permanent Link]

Subject:	Re: PHP filter function against SQL injections
Date:	Thu, 8 Feb 2007 10:55:53 +0100

You probably also don't want * and %.
You can also make use of prepared statements or stored procedures
against SQL Injection.

Regards,
Koen

On 2/7/07, Kellox <kellox@mymail.ch> wrote:

hi everyone!

i was just wondering if this filter function written in php is safe against
sql injections:

function filter($string) {
  $replace = "";
  $search = array(">", "<", "|", ";");
  $result = mysql_escape_string( str_replace($search, $replace, $string));
  return $result;
}

or could anyone imagine an sql injection attack which bypasses this filter
function?
___________________________________________________________________________
mymail - der unschlagbare und kostenlose E-Mail-Dienst der Schweiz!
http://mymail.ch/?redirect=9999
Kaspersky Anti Virus 6.0 - So schützen Sie Ihren PC zuverlässig!
http://ad.zanox.com/ppc/?4997698C625979254T

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PHP filter function against SQL injections, Kellox Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, jeff Re: PHP filter function against SQL injections, Koen Bossaert <= Re: PHP filter function against SQL injections, Kellox Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, Terra Frost Message not available Re: PHP filter function against SQL injections, Terra Frost Re: PHP filter function against SQL injections, Kellox Re: PHP filter function against SQL injections, jeffrey rivero Re: PHP filter function against SQL injections, Nic Stevens FW: PHP filter function against SQL injections, kevin fielder Re: PHP filter function against SQL injections, Henry Troup Re: PHP filter function against SQL injections, Henry Troup

Previous by Date:	Re: PHP filter function against SQL injections, Kellox
Next by Date:	Virtual Machine from an existing Physical Machine, Antnio C. N. Crespo
Previous by Thread:	Re: PHP filter function against SQL injections, jeff
Next by Thread:	Re: PHP filter function against SQL injections, Kellox
Indexes:	[Date] [Thread] [Top] [All Lists]