• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

PHP Security - I need your opinion regarding 3 functions

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More

View previous topic :: View next topic  
Author Message
hexadeximal
Just Arrived
Just Arrived


Joined: 24 Jan 2010
Posts: 0


Offline

PostPosted: Sun Jan 24, 2010 7:56 pm    Post subject: PHP Security - I need your opinion regarding 3 functions Reply with quote

Hello, i just signed in and i would apreciate your sophisticated help...

lots of my custom dynamic websites where injected...and i tried to create three funtions in order to call them for input validation so as to avoid injections.

1. prot_txt() = protect string inputs such as username, first name etc...(usuallu post values)
2. numer() = protect numerical data usualy id's used in urls
3. prot_email() = protect email inputs (contact forms) to avoid header injections....

please tell me if any of this is vulnerable....

thank you in advance...

function prot_txt($str)
{
$str = utf8_encode($str);
$str = utf8_decode($str);
$str = str_replace("\"", " ", $str);
$str = str_replace("\'", " ", $str);
$str = str_replace("alert", " ", $str);
$str = str_replace("(", " ", $str);
$str = str_replace(")", " ", $str);
$str = str_replace("/", " ", $str);
$str = str_replace("<", " ", $str);
$str = str_replace(">", " ", $str);
$str = str_replace(">", " ", $str);
$str = str_replace(";", " ", $str);
$str = str_replace("\\", " ", $str);
$str = str_replace("-", " ", $str);
$str = str_replace("--", " ", $str);
$str = str_replace("+", " ", $str);
$str = str_replace("=", " ", $str);
$str = str_replace("on", " ", $str);
$str = str_replace("script", " ", $str);
$str = str_replace("java", " ", $str);

$str = htmlspecialchars($str);
$str = addslashes($str);
$str = mysql_real_escape_string($str);
$str = htmlentities($str);
if(substr_count($str, 'alert') > 0 OR substr_count($str, '</') > 0 OR substr_count($str, '<') > 0 OR substr_count($str, '>') > 0 OR substr_count($str, '\"') > 0 OR substr_count($str, '\'') > 0 OR substr_count($str, '\\') > 0 OR substr_count($str, 'mouseover') > 0 OR substr_count($str, '%') > 0 OR substr_count($str, '(') > 0 OR substr_count($str, ')') > 0)
{
die("No access");
}
else
{
return $str;
}
}


function numer($str)
{
$str = utf8_encode($str);
$str = utf8_decode($str);
$str = str_replace("\"", " ", $str);
$str = str_replace("\'", " ", $str);
$str = str_replace("alert", " ", $str);
$str = str_replace("(", " ", $str);
$str = str_replace(")", " ", $str);
$str = str_replace("/", " ", $str);
$str = str_replace(".", " ", $str);
$str = str_replace("<", " ", $str);
$str = str_replace(">", " ", $str);
$str = str_replace(">", " ", $str);
$str = str_replace(";", " ", $str);
$str = str_replace("\\", " ", $str);
$str = str_replace("-", " ", $str);
$str = str_replace("+", " ", $str);
$str = str_replace("=", " ", $str);
$str = str_replace("on", " ", $str);
$str = str_replace("script", " ", $str);
$str = str_replace("java", " ", $str);


$str = htmlspecialchars($str);
$str = addslashes($str);
$str = mysql_real_escape_string($str);
$str = htmlentities($str);

if($str <> "")
{
if(is_numeric($str))
{
return $str;
}
else
{
die("No access");
}
}
}


function prot_email($str)
{
$str = utf8_encode($str);
$str = utf8_decode($str);
//return iconv("ISO-8859-1", "utf-8", $str);
if(strpos($str, "<") === false &&
strpos($str, ">") === false &&
strpos($str, "'") === false &&
strpos($str, '"') === false)
{
$str = htmlspecialchars(addslashes(mysql_real_escape_string($str)));
return $str;
}
else
{
die("No access");
}
}
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register