PHP: Can this function prevent SQL injection?

Can this function prevent SQL injection?

function anti_sql_injection($query, $dblink) {
    // Strip surrounding whitespace (errors suppressed with @)
    $query = @trim($query);
    // Undo the slashes PHP adds when magic_quotes_gpc is on, so the input is not escaped twice
    if (get_magic_quotes_gpc()) {
        $query = stripslashes($query);
    }
    // Escape the string according to the character set of the open connection $dblink
    return mysql_real_escape_string($query, $dblink);
}

Thank you!
Asked by bxglxbxglx2000

3 Solutions

Loganathan Natarajan (LAMP Developer) commented:
Yes, it will do, and make sure you have $dblink.

Ludwig Diehl (Systems Architect) commented:
If you check the result of your function, you will notice that the given query will not be executed, as it will return a malformed query.

e.g.:

given: UPDATE form SET field1='a',field2='b' WHERE id=1;
returns: UPDATE form SET field1=\'a\',field2=\'b\' WHERE id=1;

So you can now do the following:

1. Use your anti_injection for each value you are going to update or insert, and then build your query.
2. Parse your query and escape only the values. Using preg_match to validate your query format would be a choice.

By the way, you should also use htmlentities to convert HTML tags.

 
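The first route from the answer above (escape each value, then assemble the statement) next to the driver-bound alternative, as an added example that is not code from the question or from any of the answers. It assumes the pdo_sqlite extension and uses an in-memory SQLite table named like the one in the example query, so it runs without a MySQL server; column names come from a fixed list because escaping only protects quoted values, never identifiers.

```php
<?php
// Added example: in-memory SQLite via PDO (assumes pdo_sqlite) stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE form (id INTEGER PRIMARY KEY, field1 TEXT, field2 TEXT)");
$pdo->exec("INSERT INTO form VALUES (1, 'old1', 'old2'), (2, 'keep1', 'keep2')");

// Constructed input: a value that tries to close the string literal and widen the WHERE clause.
$input = ['field1' => "a' OR '1'='1", 'field2' => 'b'];

// Route 1: escape each VALUE (never the finished query), then build the SQL.
function update_escaped(PDO $pdo, array $values, int $id): int
{
    $set = [];
    foreach ($values as $col => $val) {
        // Column names are not escapable; only accept the ones we know.
        if (!in_array($col, ['field1', 'field2'], true)) {
            throw new InvalidArgumentException("unknown column $col");
        }
        // quote() escapes the value and adds the surrounding delimiters
        $set[] = "$col=" . $pdo->quote($val);
    }
    // exec() returns the number of affected rows
    return $pdo->exec("UPDATE form SET " . implode(',', $set) . " WHERE id=" . (int)$id);
}

// Route 2: let the driver bind the values, so no escaping code is needed at all.
function update_prepared(PDO $pdo, array $values, int $id): int
{
    $stmt = $pdo->prepare("UPDATE form SET field1=:field1, field2=:field2 WHERE id=:id");
    $stmt->execute(['field1' => $values['field1'], 'field2' => $values['field2'], 'id' => $id]);
    return $stmt->rowCount();
}

$n1 = update_escaped($pdo, $input, 1);
$n2 = update_prepared($pdo, $input, 1);

// Each call affects exactly one row and stores the hostile string verbatim; row 2 is untouched.
echo "escaped affected $n1 row(s), prepared affected $n2 row(s)\n";
foreach ($pdo->query("SELECT id, field1, field2 FROM form ORDER BY id")->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), "\n";
}
```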
mcbSolutions commented:
There is also a possibility to inject your SQL by the UNION keyword.

In my code the use of the semicolon and the UNION keyword are not allowed.
/** Tests the given query for SQL injection
 *
 * @param $query        Query to test
 * @param $unionAllowed Only set to true when no variables are used in the query!!!
 */
function query_test($query, $unionAllowed = false)
{
   if(!$unionAllowed)
   {
      // Reject any query containing UNION (case-insensitive): removing the
      // keyword must not change the length of the string
      $tmp = str_replace(array("union"),
                         array(""),
                         strtolower($query));

      if(strlen($tmp) != strlen($query))
         return false;
   }
   // Strip quoted string literals and escaped quotes so that only
   // structural semicolons are left to check
   $tmp = preg_replace(array("/'(.*?)'/s", "/\\\'/s", "/\"(.*?)\"/s"),
                       array("", "", ""),
                       trim($query));

   $pos = strpos($tmp, ";");

   // Allow at most one semicolon, and only as the final character
   $res = $pos === false || $pos == strlen($tmp)-1;

   if(!$res)
      ReportError($query, "not passed!", __METHOD__, __METHOD__, "sql");

   return $res;
}

/** Executes an SQL query
 *
 * @param string $query        The query to execute
 * @param string $method       __METHOD__ of the caller (to find bugs)
 * @param bool   $unionAllowed Determines if the UNION keyword is allowed
 * @return mixed Result resource or false
 */
function query($query, $method, $unionAllowed = false)
{
   if(query_test($query, $unionAllowed))
   {
      $res = mysql_query($query);
      if($res === false)
         ReportError($query, mysql_errno()." ".mysql_error(), __METHOD__, __METHOD__, "sql");
      else
         return $res;
   }

   return false;
}
