/** Tests the given query for SQL injection
 * @param string $query Query to test
 * @param bool $unionAllowed Only set to true when no vars are used in query!!!
 */
function query_test($query, $unionAllowed = false)
{
    // str_replace() is case-sensitive, so only lowercase "union" is detected
    $tmp = str_replace(array("union"), "", $query);
    $res = true;
    if(strlen($tmp) != strlen($query))
        $res = $unionAllowed;
    if($res) {
        // Drop quoted strings and escaped quotes, then look for a statement separator
        $tmp = preg_replace(array("/'(.*?)'/s","/\\\'/s", "/\"(.*?)\"/s"),
                            array( "", "", ""),
                            $query);
        $pos = strpos($tmp, ";");
        $res = $pos === false || $pos == strlen($tmp)-1;
    }
    // ReportError() is the poster's own helper; its definition is not shown
    if(!$res)
        ReportError($query, "not passed!", __METHOD__, __METHOD__, "sql");
    return $res;
}
/** Executes sql_query
 * @param string $query The query to execute
 * @param string $method __METHOD__ of the caller (to find bugs)
 * @param bool $unionAllowed Determines if the UNION keyword is allowed
 * @return mixed Array or false
 */
function query($query, $method, $unionAllowed = false)
{
    if(!query_test($query, $unionAllowed))
        return false;
    $res = mysql_query($query);
    if($res === false)
        ReportError($query, mysql_errno()." ".mysql_error(), __METHOD__, __METHOD__, "sql");
    return $res;
}
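For comparison with inspecting the finished query string, here is an added example (not part of the original post) that passes values as bound parameters, so ordinary data containing the word "union", a quote or a semicolon is stored and matched as data and needs no keyword test. The table, column and function names are assumptions, and it assumes the pdo_sqlite extension so that it can run against an in-memory database.

```php
<?php
// Added example, not the poster's code. Table, column and function names are assumptions.
// Requires the pdo_sqlite extension; the in-memory database keeps it self-contained.

/** Looks up member names by organisation using a bound parameter. */
function find_members(PDO $db, string $org): array
{
    // The SQL text is constant; $org is sent separately and is never parsed as SQL.
    $stmt = $db->prepare('SELECT name FROM members WHERE org = :org ORDER BY name');
    $stmt->execute([':org' => $org]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, org TEXT)');

// Constructed sample rows.
$insert = $db->prepare('INSERT INTO members (name, org) VALUES (?, ?)');
foreach ([['Ann', 'credit union'], ['Bob', "O'Brien; Sons"], ['Cy', 'acme']] as $row) {
    $insert->execute($row);
}

// Constructed inputs: legitimate values containing "union", a quote and a semicolon.
foreach (['credit union', "O'Brien; Sons", 'acme'] as $org) {
    echo $org, ' => ', implode(', ', find_members($db, $org)), PHP_EOL;
}
```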