Hmm... is using this function really enough?
If I have English-speaking users, are they really
not allowed to enter words like or, delete, drop, insert?
Those are words people use every day. Hmmm.....
On 9/5/07, Acho <[EMAIL PROTECTED]> wrote:
>
> I usually write a function to filter out strings that must not be
> executed when the login form is processed. For example: the strings drop,
> delete, update, truncate. In PHP it could look something like this:
>
> function no_injection( $key ) {
>
>     // SQL commands that must not be executed, collected in an array
>     $arrstring = array ("insert", "select", "update", "delete",
>         "truncate", "replace", "drop", " or ", ";", "#", "--", "=" );
>
>     // selection/check: the input must not contain a forbidden command
>     $kondisi = true;
>
>     foreach ($arrstring as $badstring) {
>         // strripos() returns 0 for a match at the start of the string,
>         // so compare against false explicitly
>         if (strripos($key, $badstring) !== false) {
>             $kondisi = false;
>             break;
>         }
>     }
>
>     return $kondisi;
> }
>
>
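Added example, not part of either message: it runs the quoted word list over ordinary English input to show the false positives raised in the reply, then stores the same input through PDO prepared statements, a technique the thread itself does not mention. The table name, column name and sample sentences are constructed for illustration, and the in-memory SQLite database is an assumption made so the script runs offline.

```php
<?php
// Added example, not from the thread. The word list mirrors the quoted
// function; the table, column and sample inputs are hypothetical.
function no_injection(string $key): bool {
    $blocked = array("insert", "select", "update", "delete", "truncate",
                     "replace", "drop", " or ", ";", "#", "--", "=");
    foreach ($blocked as $bad) {
        if (strripos($key, $bad) !== false) {
            return false;   // input contains a blacklisted substring
        }
    }
    return true;
}

// Constructed sample inputs: ordinary English a user might type.
$samples = array(
    "Please delete my old address or update it",
    "Drop me a line; I will reply",
    "O'Brien -- sales team #4",
);

// In-memory SQLite keeps the example offline; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Placeholders keep the SQL text fixed; user input travels only as a bound value.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$lookup = $db->prepare('SELECT COUNT(*) FROM comments WHERE body = :body');

foreach ($samples as $text) {
    $verdict = no_injection($text) ? 'accepts' : 'rejects';
    $insert->execute(array(':body' => $text));
    $lookup->execute(array(':body' => $text));
    $stored = ((int) $lookup->fetchColumn() === 1) ? 'stored verbatim' : 'NOT stored';
    printf("blacklist %s | bound parameter: %s | %s\n", $verdict, $stored, $text);
}

// Count the rows afterwards: one per sample, and the table is intact.
$count = (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn();
printf("rows in comments: %d\n", $count);
```

With bound parameters the quotes, semicolons and keywords in the input never become part of the SQL statement, so no word list is needed to keep them from being executed.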