Prevent code injection in PHP – Updated
A long time ago I wrote this article on how to prevent code injection in PHP, but it is rather old and uses the deprecated function “eregi”.
I rewrote the function and it now looks like this, the hacker defense for PHP:
```php
function hackerDefense(){
    // begin hacker defense
    // Patterns not allowed in the system. The "i" modifier keeps the
    // case-insensitive matching that eregi provided.
    $notAllowedExp = array(
        '/<[^>]*script.*\"?[^>]*>/i', '/<[^>]*style.*\"?[^>]*>/i',
        '/<[^>]*object.*\"?[^>]*>/i', '/<[^>]*iframe.*\"?[^>]*>/i',
        '/<[^>]*applet.*\"?[^>]*>/i', '/<[^>]*window.*\"?[^>]*>/i',
        '/<[^>]*document.*\"?[^>]*>/i', '/<[^>]*cookie.*\"?[^>]*>/i',
        '/<[^>]*meta.*\"?[^>]*>/i', '/<[^>]*alert.*\"?[^>]*>/i',
        '/<[^>]*form.*\"?[^>]*>/i', '/<[^>]*php.*\"?[^>]*>/i',
        '/<[^>]*img.*\"?[^>]*>/i'
    );

    foreach ($_POST as $postvalue) { // checking posts
        foreach ($notAllowedExp as $exp) { // checking there are no matches
            if (preg_match($exp, $postvalue)) {
                die("Code not allowed"); // stop the request
            }
        }
    }
    // end hacker defense
}
```
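The deny-list above rejects input that looks like markup; the complementary control is to escape every value at the point where it is written into HTML. The following is an added example, not the original author's code: the helper names `e` and `flattenInput` and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added example: escape on output so submitted markup is rendered as text.

/** Escape a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Flatten nested request arrays (e.g. tags[]=a&tags[]=b) into a list of strings. */
function flattenInput(array $input): array
{
    $out = [];
    array_walk_recursive($input, function ($v) use (&$out) {
        $out[] = (string) $v;
    });
    return $out;
}

// Constructed sample standing in for $_POST.
$samplePost = [
    'title'   => 'How to use the <img> tag',   // legitimate text the deny-list would reject
    'comment' => '<script>alert(1)</script>',  // markup that must not execute
    'tags'    => ['php', 'a "quoted" tag'],    // nested array value
];

foreach (flattenInput($samplePost) as $value) {
    // The same escaping is applied in the attribute and in the element body.
    echo '<p title="', e($value), '">', e($value), "</p>\n";
}
```

`htmlspecialchars` is correct for HTML element content and quoted attribute values; values written into JavaScript, CSS or URLs need the encoding for that context instead.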
