Security Forums

PHP Security - I need your opinion regarding 3 functions

hexadeximal
Joined: 24 Jan 2010
Posts: 0


Posted: Sun Jan 24, 2010 7:56 pm    Post subject: PHP Security - I need your opinion regarding 3 functions

Hello, I just signed up and I would appreciate your sophisticated help...

Lots of my custom dynamic websites were injected... and I tried to create three functions to call for input validation so as to avoid injections.

1. prot_txt() = protect string inputs such as username, first name, etc. (usually POST values)
2. numer() = protect numerical data, usually IDs used in URLs
3. prot_email() = protect email inputs (contact forms) to avoid header injections...

Please tell me if any of these is vulnerable...

Thank you in advance...

// Filter for free-text fields (username, first name, ...), usually POST values.
function prot_txt($str)
{
    $str = utf8_encode($str);
    $str = utf8_decode($str);
    // Blocklist: each sequence below is replaced with a space.
    // Note: in a double-quoted PHP string "\'" is the two characters \ and ', not a lone quote.
    $str = str_replace("\"", " ", $str);
    $str = str_replace("\'", " ", $str);
    $str = str_replace("alert", " ", $str);
    $str = str_replace("(", " ", $str);
    $str = str_replace(")", " ", $str);
    $str = str_replace("/", " ", $str);
    $str = str_replace("<", " ", $str);
    $str = str_replace(">", " ", $str);
    $str = str_replace(">", " ", $str);
    $str = str_replace(";", " ", $str);
    $str = str_replace("\\", " ", $str);
    $str = str_replace("-", " ", $str);
    $str = str_replace("--", " ", $str);
    $str = str_replace("+", " ", $str);
    $str = str_replace("=", " ", $str);
    $str = str_replace("on", " ", $str);
    $str = str_replace("script", " ", $str);
    $str = str_replace("java", " ", $str);

    // Four escaping passes applied in sequence; mysql_real_escape_string() needs an open mysql connection.
    $str = htmlspecialchars($str);
    $str = addslashes($str);
    $str = mysql_real_escape_string($str);
    $str = htmlentities($str);

    // Second blocklist check on the escaped value; aborts the request on a match.
    if (substr_count($str, 'alert') > 0 OR substr_count($str, '</') > 0 OR substr_count($str, '<') > 0 OR substr_count($str, '>') > 0 OR substr_count($str, '\"') > 0 OR substr_count($str, '\'') > 0 OR substr_count($str, '\\') > 0 OR substr_count($str, 'mouseover') > 0 OR substr_count($str, '%') > 0 OR substr_count($str, '(') > 0 OR substr_count($str, ')') > 0)
    {
        die("No access");
    }
    else
    {
        return $str;
    }
}


// Filter for numeric values, usually IDs taken from the URL.
function numer($str)
{
    $str = utf8_encode($str);
    $str = utf8_decode($str);
    // Same blocklist as prot_txt(), plus "." and minus "--".
    $str = str_replace("\"", " ", $str);
    $str = str_replace("\'", " ", $str);
    $str = str_replace("alert", " ", $str);
    $str = str_replace("(", " ", $str);
    $str = str_replace(")", " ", $str);
    $str = str_replace("/", " ", $str);
    $str = str_replace(".", " ", $str);
    $str = str_replace("<", " ", $str);
    $str = str_replace(">", " ", $str);
    $str = str_replace(">", " ", $str);
    $str = str_replace(";", " ", $str);
    $str = str_replace("\\", " ", $str);
    $str = str_replace("-", " ", $str);
    $str = str_replace("+", " ", $str);
    $str = str_replace("=", " ", $str);
    $str = str_replace("on", " ", $str);
    $str = str_replace("script", " ", $str);
    $str = str_replace("java", " ", $str);

    $str = htmlspecialchars($str);
    $str = addslashes($str);
    $str = mysql_real_escape_string($str);
    $str = htmlentities($str);

    // Returns the value only if it is non-empty and numeric; an empty string returns NULL.
    if ($str <> "")
    {
        if (is_numeric($str))
        {
            return $str;
        }
        else
        {
            die("No access");
        }
    }
}


// Filter for e-mail addresses from contact forms.
function prot_email($str)
{
    $str = utf8_encode($str);
    $str = utf8_decode($str);
    //return iconv("ISO-8859-1", "utf-8", $str);
    // Rejects the value if it contains any of < > ' "; otherwise escapes it three times.
    if (strpos($str, "<") === false &&
        strpos($str, ">") === false &&
        strpos($str, "'") === false &&
        strpos($str, '"') === false)
    {
        $str = htmlspecialchars(addslashes(mysql_real_escape_string($str)));
        return $str;
    }
    else
    {
        die("No access");
    }
}
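The post above asks for three input filters: free text for SQL, a numeric ID from the URL, and an e-mail address that must not allow mail header injection. The block below is an added example, not code from the original post, showing how a practitioner would cover the same three cases by validating at input and escaping at each output boundary instead of a character blocklist. It assumes PHP with the PDO SQLite driver (so it runs offline against an in-memory database); the table, rows and probe inputs are constructed here for the demonstration.

```php
<?php
// Added example (not from the original post): validation at input,
// parameterised SQL, and escaping at the output sink, for the three
// cases the post describes. Assumes the pdo_sqlite extension.
declare(strict_types=1);

// 1. Free text (username, first name): keep the raw value and bind it as a
//    query parameter. The database never parses it as SQL, so no character
//    list is needed and a name such as O'Brien survives intact.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2. Numeric ID from the URL: validate as a positive integer and return an
//    int. Non-digits, negatives, and anything with a trailing payload are
//    rejected rather than cleaned.
function numericId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 3. E-mail for a contact form: header injection relies on inserting a line
//    break to start a new header, so CR and LF are refused outright before
//    the syntactic check.
function safeEmail(string $raw): ?string
{
    if (preg_match('/[\r\n]/', $raw) === 1) {
        return null; // line break present: header-injection attempt
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// 4. HTML escaping is applied once, when the value is rendered, not when it
//    is stored. Each sink gets its own encoding: parameters for SQL,
//    htmlspecialchars for HTML, the line-break check for mail headers.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data and probes for the demonstration.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (["O'Brien", 'Jonathan'] as $name) {
    $insert->execute([$name]);
}

// A quote in a legitimate name is just data.
var_dump(findUserByName($db, "O'Brien"));
// A classic tautology probe is compared literally against the name column.
var_dump(findUserByName($db, "' OR '1'='1"));

// Integer validation: a plain ID, an ID with a stacked-query tail, a negative.
var_dump(numericId('42'));
var_dump(numericId('42; DROP TABLE users'));
var_dump(numericId('-1'));

// E-mail validation: a normal address, then one carrying an injected Bcc header.
var_dump(safeEmail('alice@example.com'));
var_dump(safeEmail("alice@example.com\r\nBcc: spam@example.net"));

// Output escaping at render time.
echo h('<script>alert(1)</script>'), "\n";
```

Run it with `php example.php`. The design point is that none of these functions tries to guess which characters are dangerous: the SQL parameter binding makes the quote question irrelevant, `FILTER_VALIDATE_INT` returns a typed integer or rejects, and the e-mail check targets the one thing header injection actually needs (a line break). Escaping happens once per output sink, which also avoids the stacked `addslashes` / `mysql_real_escape_string` / `htmlentities` passes that change stored data.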