I have this form, and this anti-injection.
I have checked for anti injection in three places and it still is quite easily injectable.
Code:

<?php
$sql_server = "localhost"; //<-- MSSQL server address/ip
$sql_user = "sa"; //<-- MSSQL username
$sql_pass = "sa"; //<-- MSSQL password
$sql_data = "database"; //<-- MSSQL database
$conn = mssql_connect($sql_server, $sql_user, $sql_pass);
$xadb = mssql_select_db($sql_data, $conn);
$badchars = array(";", "'", "\"", "*", ".", "DROP", "SELECT", "UPDATE", "DELETE", "drop", "select", "update", "delete", "WHERE", "where", "INSERT", "insert");
$Data = '<html><p><p><b>Form Description</b><p>Enter Info Here:<br><form action=form.php method=post><input type=text name=test><br><br><input type=submit name=submit value="Submit"></form></html>';
if (isset($_POST['test'])) {
    $char = $_POST['test'];
    // in_array() only matches when the whole input equals one entry of $badchars
    if (in_array($char, $badchars)) {
        die("INVALID CHAR!");
    } else {
        // The input is concatenated straight into the query string
        $findchar = mssql_query("select * from table where name = '$char'");
        $ni = mssql_num_rows($findchar);
        if ($ni == 1) {
            $row = mssql_fetch_array($findchar);
            echo '<p>Blabla... <b>', $char, ' ID = ', $row['ID'], '<p>';
        } else {
            die('ERROR');
        }
    }
}
echo $Data;
?>

Please note this is just test code... edited from my original, it may or may not fully work off the bat, but the basics are there.

The problem is it only stops injection if it is at the start with nothing in front of it or behind it... and even then, it doesn't stop ' placed anywhere, or semicolons placed at start.

I need all those things in bad word to make the php page die if it is entered in the form. Thanks!

2 Contributors, 2 Replies, 3 Views, 8 Years Discussion Span, Last Post by Untam3d

I think you should do something like this:

$inject = false;
foreach ($badchars as $bad) {
  // strpos() finds the bad string anywhere in the input, not only as an exact match
  if (strpos($char, $bad) !== false)
    $inject = true;
}

Thanks a lot! After adding an { and } at the start and end of that if, and changing = true to = $inject + 1, and changing $inject = false to $inject = 0, and having it check to make sure $inject == 0 in an if... it works perfectly, exactly as I want it to, stopping most, if not all injections. Thanks a lot!
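
The same name lookup with a bound parameter instead of a keyword blacklist, shown next to the substring filter from the reply. This is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database and a constructed `people` table in place of the thread's MSSQL connection, and `blacklist_rejects` and `find_id_by_name` are hypothetical names.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database
// (an assumption so the script runs offline; the thread itself uses MSSQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (ID INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO people (name) VALUES ('alice'), ('O''Brien'), ('Backdrop')");

// Substring blacklist as in the reply above (subset of the thread's $badchars).
function blacklist_rejects(string $input): bool
{
    $badchars = array(";", "'", "\"", "*", ".", "DROP", "SELECT", "drop", "select");
    foreach ($badchars as $bad) {
        if (strpos($input, $bad) !== false) {
            return true;
        }
    }
    return false;
}

// Hypothetical helper: the value is bound as a parameter, so it is handled
// as data and is never parsed as part of the SQL text.
function find_id_by_name(PDO $pdo, string $name): ?int
{
    $stmt = $pdo->prepare('SELECT ID FROM people WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed inputs: two legitimate names the blacklist refuses, and a value
// containing a quote and a semicolon that simply matches no row when bound.
$inputs = array("alice", "O'Brien", "Backdrop", "x'; y");
foreach ($inputs as $input) {
    $id = find_id_by_name($pdo, $input);
    printf(
        "%-10s blacklist=%-6s bound lookup=%s\n",
        $input,
        blacklist_rejects($input) ? 'reject' : 'pass',
        $id === null ? 'no row' : "ID $id"
    );
}
```

With the parameter bound, quotes and semicolons need no filtering, and names such as O'Brien or Backdrop are no longer refused.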
