Full Version: Over Secure?
The Creator
Hi, it's been a while... Maybe even a year O__o but I'm back and in need of a bit of help.

My friend asked me to fix some script a programmer did for him, and one of the things that needed fixing was the sql_injection class which stops people doing sql_injection on a form.

In my opinion it's over secure, but anyway the problem is that it doesn't allow any special characters. Anyone fancy helping me to let it allow special characters but also be secure?

Here is the function that tests for sql injections... tell me what you think...

CODE
function test($sRQ)
    {
        $sRQ = strtolower($sRQ);
        $this->rq = $sRQ;
        $aValues = array();
        $aTemp = array(); // temp array
        $aWords = array(); //
        $aSep = array(' and ',' or '); // separators for detect the
        $sConditions = '(';
        $matches = array();
        $sSep = '';
        // is there an attempt to comment out the unused part of the request?
        if (is_int((strpos($sRQ,"#")))&&$this->_in_post('#')) return $this->detect();
        
        // is there an attempt to run a 2nd SQL query?
        if (is_int(strpos($sRQ,';'))){
            $aTemp = explode(';',$sRQ);
            if ($this->_in_post($aTemp[1])) return $this->detect();
        }
        
        $aTemp = explode(" where ",$sRQ);
        if (count($aTemp)==1) return FALSE;
        $sConditions = $aTemp[1];
        $aWords = explode(" ",$sConditions);
        if(strcasecmp($aWords[0],'select')!=0) $aSep[] = ',';
        $sSep = '('.implode('|',$aSep).')';
        $aValues = preg_split($sSep,$sConditions,-1, PREG_SPLIT_NO_EMPTY);

        // test the always true expressions
        foreach($aValues as $i => $v)
        {
            // SQL injection like 1=1 or a=a or 'za'='za'
            if (is_int(strpos($v,'=')))
            {
                 $aTemp = explode('=',$v);
                 if (trim($aTemp[0])==trim($aTemp[1])) return $this->detect();
            }
            
            //SQL injection like 1<>2
            if (is_int(strpos($v,'<>')))
            {
                $aTemp = explode('<>',$v);
                if ((trim($aTemp[0])!=trim($aTemp[1]))&& ($this->_in_post('<>'))) return $this->detect();
            }
        }
        
        // strpos() returns 0 for a match at the start, so compare against false explicitly
        if (strpos($sConditions,' null') !== false)
        {
            if (preg_match("/null +is +null/",$sConditions)) return $this->detect();
            if (preg_match("/is +not +null/",$sConditions,$matches))
            {
                foreach($matches as $i => $v)
                {
                    if ($this->_in_post($v))return $this->detect();
                }
            }
        }
        
        if (preg_match("/[a-z0-9]+ +between +[a-z0-9]+ +and +[a-z0-9]+/",$sConditions,$matches))
        {
            $Temp = explode(' between ',$matches[0]);
            $Evaluate = $Temp[0];
            $Temp = explode(' and ',$Temp[1]);
            if ((strcasecmp($Evaluate,$Temp[0])>0) && (strcasecmp($Evaluate,$Temp[1])<0) && $this->_in_post($matches[0])) return $this->detect();
        }
        return FALSE;
    }


Any help would be greatly appreciated,


The Creator
derek.sullivan
First off, your friend got exactly what they asked for. A secure script for stopping sql injections... Second off, to answer your question, you may need to check some of your preg_match() statements. I unfortunately can't tell you specifically which one, but it may be a starting ground for solving your case.
The Creator
Thanks :) I'll look into that, but regex I've always found difficult :( I'll come back if I find out anything more ;)
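
Added example, not part of the thread or of the script under discussion: form values bound as parameters to a prepared statement are handled as data, so the characters and patterns that test() rejects (#, ;, quotes, a=a, <>, null is null, between ... and ...) can be stored and queried without scanning the query string. It uses PDO with an in-memory SQLite database; the table, column and function names are hypothetical and the sample form values are constructed.

```php
<?php
// Added example (not the thread's code). Table, column and function names
// are hypothetical. In-memory SQLite via PDO, so it runs offline.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $db;
}

function add_comment(PDO $db, string $author, string $body): void
{
    // Placeholders keep the SQL text fixed; the values travel separately as data.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function find_by_author(PDO $db, string $author): array
{
    // The WHERE clause is fixed; :author can only ever be compared as a value.
    $stmt = $db->prepare('SELECT body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_db();

// Constructed form values containing the characters and patterns test() reacts to.
$samples = [
    ["O'Brien",     "Price is #1; don't miss it"],
    ["a=a",         "x <> y, and null is null"],
    ["' or '1'='1", "5 between 1 and 9"],
];

foreach ($samples as [$author, $body]) {
    add_comment($db, $author, $body);
}

foreach ($samples as [$author, $body]) {
    // Look each author up again and show what came back from the database.
    $rows = find_by_author($db, $author);
    printf("%-14s => %d row(s): %s\n", $author, count($rows), implode(' | ', $rows));
}
```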