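sql_sentencias = array(" select "," union "," join "," group "," order "," delete "," update "," where "); }

    /**
     * Normalise one raw request value (or a nested array of them) before the
     * rest of the application reads it.
     *
     * NOTE(review): this is NOT an injection defence and must not be relied on
     * as one. addslashes() is not a driver-aware SQL escape (it is charset
     * dependent and does nothing for numeric or identifier contexts), and
     * strip_tags() does not make a value safe for HTML output. Every query
     * still needs prepared statements and every output still needs
     * htmlspecialchars() in the right context.
     *
     * @param mixed $_data a scalar from $_GET/$_POST/$_REQUEST/$_COOKIE, or a
     *                     nested array of such (PHP builds arrays for keys such
     *                     as "a[]" or "a[b]")
     * @return mixed the filtered value, same shape as the input
     */
    function getFiltered($_data) {
        // Arrays are filtered element by element. The original passed them
        // straight to strip_tags()/addslashes(), which warns on PHP 7 and throws
        // a TypeError on PHP 8 for any "a[]=..." style parameter.
        if (is_array($_data)) {
            $filtered = array();
            foreach ($_data as $k => $v) {
                $filtered[$k] = $this->getFiltered($v);
            }
            return $filtered;
        }

        $data = $_data;

        // Behaviour kept as found: when the constant is true, HTML tags
        // (SCRIPT, APPLET, EMBED, ...) are removed.
        // NOTE(review): the constant's name reads as the opposite of what this
        // branch does; confirm against its definition before changing either.
        if (ALLOW_HTML_TAGS_IN_POST_GET_REQUESTS) {
            $data = strip_tags($data);
        }

        // Magic quotes: if they were on, the value is already backslash-escaped
        // and is returned as is; otherwise addslashes() is applied.
        // get_magic_quotes_gpc() always returns false from PHP 7.4 and was
        // removed in PHP 8.0, so guard the call to avoid a fatal error there.
        if (!function_exists('get_magic_quotes_gpc') || get_magic_quotes_gpc() != 1) {
            $data = addslashes($data);
        }

        return $data;
    }

    /**
     * Denylist check: does the value contain one of the SQL keywords in
     * $this->sql_sentencias?
     *
     * Matching is now case-insensitive. The original matched only the
     * all-lowercase and all-UPPERCASE forms, so mixed case ("SeLeCt") slipped
     * through. The entries are space-delimited words, so a keyword not
     * surrounded by plain spaces (tabs, newlines, comment sequences, string
     * boundaries) is still not detected. Treat this as a coarse tripwire, not
     * as validation.
     *
     * NOTE(review): it also rejects ordinary text that happens to contain
     * " order ", " where ", " group " etc. (false positives on user prose).
     *
     * @param mixed $_cadena scalar or nested array of scalars
     * @return bool true when any keyword is found in any element
     */
    function checkSQL($_cadena) {
        if (is_array($_cadena)) {
            foreach ($_cadena as $element) {
                if ($this->checkSQL($element)) {
                    return true;
                }
            }
            return false;
        }

        $haystack = (string) $_cadena;
        foreach ($this->sql_sentencias as $sql) {
            // stripos() covers the lowercase and UPPERCASE variants the
            // original checked, plus every other casing.
            if (stripos($haystack, $sql) !== false) {
                return true;
            }
        }
        return false;
    }

    /**
     * Filter every value of $_GET, $_POST, $_REQUEST and $_COOKIE in place and
     * abort the request (redirect to index.php, then exit) as soon as one of
     * them trips checkSQL().
     *
     * The superglobals are processed in the same order as before. Each one is
     * an independent copy, so $_REQUEST is filtered on its own; changes to
     * $_GET/$_POST do not propagate to it.
     *
     * NOTE(review): only values are inspected; parameter names ($key) are
     * neither filtered nor checked.
     */
    function setFilteredRequest() {
        $this->filterRequestArray($_GET);
        $this->filterRequestArray($_POST);
        $this->filterRequestArray($_REQUEST);
        $this->filterRequestArray($_COOKIE);
    }

    /**
     * Filter one request array in place; redirects and exits on a hit.
     *
     * @param array $source one of the superglobals, passed by reference so the
     *                      filtered values are written back to it
     */
    private function filterRequestArray(&$source) {
        // Iterate over a snapshot of the keys so writing back is safe.
        foreach (array_keys($source) as $key) {
            $source[$key] = $this->getFiltered($source[$key]);
            if ($this->checkSQL($source[$key])) {
                $this->rejectRequest();
            }
        }
    }

    /**
     * Abort the current request: send the redirect to index.php and stop
     * executing, as the original inline `header(...); die();` did.
     */
    private function rejectRequest() {
        header('location: index.php');
        die();
    }
}
?>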