
Help with eregi & eregi_replace

Hello all.
I am starting to work on a URL "cleaner" of sorts. The code below is only checking for a few simple entries on the URL, but for some reason it is not replacing them with "" when found.
$qs and $clean_qs produce the same results.

Also, can someone who is fluent with regex stuff take a look at my eregi expressions? I'm not sure if this is the most efficient way of searching through the URL for a match.

<?php
// Path plus query string of the current request (register_globals-era names;
// $_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'] are the modern equivalents).
$qs = $PHP_SELF . "?" . $HTTP_SERVER_VARS['QUERY_STRING'];

// Fragments to look for; eregi() treats each one as a case-insensitive regex.
$urlcheck = array (
    "%20OR%20",
    "--",
    "xp_cmdshell"
);
$urlclean = array (
    "",
    "",
    ""
);

$badurl = 0;
while (list ($key, $val) = each ($urlcheck)) {
    if (eregi($val, $qs)) {
        $badurl = 1;
    }
}

// This is the line that does not work: eregi_replace() takes one pattern
// string and one replacement string, not arrays. PHP 4 coerces each array to
// the string "Array", so nothing in $qs matches and $clean_qs comes back
// unchanged. A loop over $urlcheck, or str_replace() (which does accept
// arrays), is needed instead.
$clean_qs = eregi_replace ($urlcheck, $urlclean, $qs);

echo $qs;
echo "<br>";
echo $clean_qs;

Many thanks all.
Jul 16 '05 #1


OK. Since my last post I have been tinkering =) This is what I have so far, but I have yet another question.

1) Does anyone know of other SQL injection style commands that can be passed, so that I can add them to my array?

2) In my $urlcheck array, what is the best way to search for any value that is entered like 1=1, or 2=2, etc.? Now granted, if the %20OR%20 is detected the 1=1 usually would follow, so $badurl would be "flagged" anyway, but without entering a bunch of 1=1, 2=2, etc., is there an easier way?

<?php
$qs = $PHP_SELF . "?" . $HTTP_SERVER_VARS['QUERY_STRING'];

// Each entry is used as a case-insensitive regex by eregi() below and as a
// literal substring by str_replace(); keep that in mind when adding patterns.
$urlcheck = array (
    "%20OR%20",
    "--",
    "xp_cmdshell",
    "1=1"
);

$badurl = 0;
while (list ($key, $val) = each ($urlcheck)) {
    if (eregi($val, $qs)) {
        $badurl = 1;
    }
}

if ($badurl) {
    // str_replace() accepts an array of needles and removes each of them,
    // which is what eregi_replace() could not do in the first post.
    $clean_qs = str_replace ($urlcheck, "", $qs);
    header("Location: http://" . $_SERVER['SERVER_NAME'] . $clean_qs);
    // Stop here: header() does not end the script, so without exit the rest
    // of the page would still run with the original, unfiltered query string.
    exit;
}

Thanks again, back to tinkering...
Jul 16 '05 #2
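As an added example (not code from either post), here is the same checker written for current PHP, covering both points raised in the thread: the first post's eregi_replace() call fails because that function takes single strings, so a loop over a pattern list is used; the second post's question of matching any N=N without listing 1=1, 2=2, ... is answered with a back-reference (\1). eregi()/eregi_replace() were removed in PHP 7, so preg_match() (PCRE) is used instead. Assumptions: PHP 7.0 or later, the pattern names and the sample query strings are made up for this example, and the pattern set is illustrative rather than complete. The query string is URL-decoded before matching so that "%20OR%20", "+OR+" and "%09or%09" are all seen as the same thing.

```php
<?php
// Added example, not from the original posts. Assumes PHP >= 7 (PCRE via
// preg_match). Pattern names and sample inputs below are constructed.

/**
 * Return the names of the patterns that match the query string, or an empty
 * array if none do. The string is URL-decoded first so that "%20OR%20",
 * "+OR+" and "%09or%09" are all seen as whitespace-delimited "or".
 */
function suspicious_patterns(string $query_string): array
{
    $decoded = urldecode($query_string);

    $patterns = [
        // "or"/"and" surrounded by whitespace, any case
        'or_keyword'    => '/\s(?:or|and)\s/i',
        // line comment "--", MySQL "#" comment, or block comment start
        'comment'       => '/--|#|\/\*/',
        // SQL Server extended procedures such as xp_cmdshell, xp_regread
        'xp_proc'       => '/\bxp_\w+/i',
        // numeric tautology: the same digits on both sides of "=";
        // \1 refers back to what (\d+) captured, so 1=1, 7 = 7, 42=42 all hit
        'tautology'     => '/\b(\d+)\s*=\s*\1\b/',
        // string tautology such as 'a'='a (the closing quote may be missing
        // because the application supplies it)
        'str_tautology' => '/\'([^\']*)\'\s*=\s*\'\1\b/',
    ];

    $hits = [];
    foreach ($patterns as $name => $regex) {
        if (preg_match($regex, $decoded) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/**
 * true means "reject this request". Rejecting with a 400 is preferred over
 * stripping the matched text and redirecting, since whatever the list did
 * not recognise is still present in the "cleaned" URL.
 */
function should_reject(string $query_string): bool
{
    return suspicious_patterns($query_string) !== [];
}

// Constructed sample query strings (not captured traffic).
$samples = [
    'id=5',
    'id=5%20OR%201=1',
    'id=5+or+7%3D7--',
    'user=x\'%20or%20\'a\'=\'a',
    'cmd=xp_cmdshell',
];

foreach ($samples as $qs) {
    $hits = suspicious_patterns($qs);
    printf("%-30s %s\n", $qs, $hits ? 'reject: ' . implode(', ', $hits) : 'ok');
}
```

Run it with `php` from the command line; the first sample is reported as ok, the others list the patterns that fired (for example the third one hits or_keyword, comment and tautology even though it was encoded with "+" and "%3D"). A pattern list like this only catches payloads it already knows about, so treat it as a logging and blocking aid, not as the defence that makes the database call safe.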
