Hello all.
I am starting to work on a URL "cleaner" of sorts. The code below is only
checking
for a few simple entries on the URL, but for some reason it is not replacing
them
with "" when found.
$qs and $clean_qs produce the same results.
Also, can someone who is fluent with regex stuff take a look at my
eregi expressions ? Im not sure if this is the most efficient way of
searching
through the URL for a match.
$qs = $PHP_SELF . "?" . $HTTP_SERVER_VA RS['QUERY_STRING'];
$urlcheck = array (
"%20OR%20",
"--",
"xp_cmdshel l"
);
$urlclean = array (
"",
"",
""
);
$badurl = 0;
while (list ($key, $val) = each ($urlcheck)) {
if (eregi($val, $qs)) {
$badurl = 1;
}
}
$clean_qs = eregi_replace ($urlcheck, $urlclean, $qs);
echo $qs;
echo "<br>";
echo $clean_qs;
Many thanks all.
1  2376 
ok. since my last post, i have been tinkering =) this is what i have so far,
but i have
yet another question.
1) does anyone know of other SQL Injection style commands that can be
passed,s
so that I can add them to my array ?
2) in my $urlcheck array what is the best way to search for ANY that is
entered
like 1=1, or 2=2, etc. now granted, if the %20OR%20 is detected the 1=1
usually
would follow, so the $badurl would be "flagged" anyway, but without entering
a
bunch of 1=1, 2=2, etc. is there an easier way ?
$qs = $PHP_SELF . "?" . $HTTP_SERVER_VA RS['QUERY_STRING'];
$urlcheck = array (
"%20OR%20",
"--",
"xp_cmdshel l",
"1=1"
);
$badurl = 0;
while (list ($key, $val) = each ($urlcheck)) {
if (eregi($val, $qs)) {
$badurl = 1;
}
}
if ($badurl) {
$clean_qs = str_replace ($urlcheck, "", $qs);
header("Locatio n: http://" . $_SERVER['SERVER_NAME'] . $clean_qs);
}
Thanks again, back to tinkering...
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Ralph Freshour |
last post by:
Can someone please tell me why this function always evaluates to true
regardless of what I enter?
Thanks...
if (!eregi ("A-Za-z", $frm_member_name))
{
// invalid characters
$php_login_status = "not ok";
|
by: Jane Doe |
last post by:
Hi
I took a quick look in the archives, but didn't find an answer
to this one.
I'd like to display a list of HTML files in a directory, showing the
author's name between brackets after the file name. I can successfully
extract the TITLE section, but no luck with the AUTHOR part. Any idea
why?
|
by: george |
last post by:
(driving me nuts)
Hi there. I wonder if anyone can help?
I'm including a page from Google in search.php, passing some
parameters. So far so good. Then I'm asking to look through that
Google page for a text match, and return true or false.
eregi returns false whatever the case,
similar_text returns true whatever the case.
Can someone...
|
by: mcp6453 |
last post by:
I am trying to use Jack's FormMail script
(http://www.dtheatre.com/scripts/formmail). Since I'm brand new at PHP
and not very good at HTML, I have an easy question, which I will narrow
down. When the email arrives, it has this information:
v_firstname: asdf
v_lastname: asdf
b_email: asdf@bellsouth.net
v_phone: asdf
v_cellphone: asdf
|
by: Dynamo |
last post by:
Hi
The following script was taken from John Coggeshall's (PHP consultant) in his
article on Zends site at http://www.zend.com/zend/spotlight/ev12apr.php
// Get the email address to validate
$email = $_POST
// Use John Coggeshalls script to validate the email address
if(!eregi("^+(\.+)*@+(\.+)*(\.{2,3})$", $email) {
echo "The e-mail was...
| | |
by: Dynamo |
last post by:
Hi
I have used the following script within a simple form email to prevent the form
being used from an external url.
<?php
$referer = $_SERVER;
// Get the URL of this page
$myurl= "http://".$_SERVER.$_SERVER;
// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
|
by: news |
last post by:
God, I have read every comment in php.net eregi and Google searched,
and I have tried so many different attempts...this is the closest I've
gotten to verify a variable contains only:
alphanumerics, spaces, underscore, hyphen, period, apostrophe
if(eregi("^+$", $value))
{
return true;
}
|
by: Nel |
last post by:
Hi all,
I am struggling with understanding a small eregi problem in php4.
My code:
<?PHP
$htmlsource = '<img src="pics/hotdog.gif"> text text <img
src="pics/silly%20sausage.gif"> ';
eregi('(=")(pics/)(+...)(")',$htmlsource,$imagesintext);
?>
|
by: ojsimon |
last post by:
Hi
I found this script on a forum and have been trying to make it work, but all it returns is a blank screen, i tried using the debug error reporting but got nothing from that either just a blank page, here is the code<?php
//In this case, it fetches a search for "fresh content" from www.alltheweb.com, whom we hope you will visit....
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |
