PHP checkSQLInjection Examples

Programming Language: PHP

Method/Function: checkSQLInjection

Examples at hotexamples.com: 5

PHP checkSQLInjection - 5 examples found. These are the top rated real world PHP examples of checkSQLInjection extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: check-login.php Project: SergioLazaro/PetSharing

function startCookie($email, $password, $conn)
{
    if (checkSQLInjection($email) and checkSQLInjection($password)) {
        $result = mysqli_query($conn, "SELECT email , password FROM user WHERE email = '{$email}' AND password = '******'");
        if (mysqli_num_rows($result) > 0) {
            setcookie("email", $email, time() + 86400 * 30, "/");
        }
    } else {
        //SQL INJECTION
    }
}

Example #2

Show file

File: check-signup.php Project: SergioLazaro/PetSharing

<?php

$email = $_POST["email"];
$password = $_POST["password"];
$repassword = $_POST["password2"];
$name = $_POST["name"];
$surname = $_POST["surname"];
$birth = $_POST["birth"];
$gender = $_POST["optradio"];
// Check connection
$conn = mysqli_connect("localhost", "adminID5Rju3", "Rz5h2JWnm4xd", "tweb");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
if (checkSQLInjection($email) and checkSQLInjection($password) and checkSQLInjection($repassword) and checkSQLInjection($name) and checkSQLInjection($surname) and checkSQLInjection($birth)) {
    $result = mysqli_query($conn, "SELECT * FROM user WHERE email = '{$email}'");
    if (mysqli_num_rows($result) > 0) {
        //If there is a user with the same email -> cant sign up
        header("Location: index.php?error=1");
    } else {
        //No problems, we create the new user
        $sql = "INSERT INTO user VALUES('{$email}','{$password}','name','surname','{$birth}','{$gender}')";
        if ($conn->query($sql) === TRUE) {
            setcookie("email", $email, time() + 86400 * 30, "/");
            header("Location: index.php");
        } else {
            header("Location: index.php?error=2");
        }
        $conn->close();
    }
}

Example #3

Show file

File: check-post.php Project: SergioLazaro/PetSharing

    $pet_age = $_POST["age"];
}
$pet_type = $_POST["pettype"];
$comment = $_POST["comment"];
$user = $_COOKIE["email"];
//$target_dir = "/var/lib/openshift/561e6c1489f5cf425a00010d/app-root/runtime/repo/progetto/images/";
if (isset($pet_type) and isset($comment)) {
    if (checkSQLInjection($pet_type) and checkSQLInjection($comment)) {
        // Check connection
        $conn = mysqli_connect("localhost", "adminID5Rju3", "Rz5h2JWnm4xd", "tweb");
        if ($conn->connect_error) {
            header("Location: post.php?error=1");
        }
        if (isset($pet_name) and isset($pet_age)) {
            //Pet post
            if (checkSQLInjection($pet_name) and checkSQLInjection($pet_age)) {
                $sql = "INSERT INTO post(pet_type,info,post_type,pet_name,pet_age,user) VALUES('{$pet_type}','{$comment}','{$post_type}','{$pet_name}','{$pet_age}','{$user}')";
            } else {
                header("Location: home.php?error=1");
            }
        } else {
            //Carer post
            $sql = "INSERT INTO post(pet_type,info,post_type,user) VALUES('{$pet_type}','{$comment}','{$post_type}','{$user}')";
        }
        if ($conn->query($sql) === TRUE) {
            header("Location: home.php?error=0");
        } else {
            header("Location: home.php?error=2");
        }
        $conn->close();
    } else {

Example #4

Show file

File: check-message.php Project: SergioLazaro/PetSharing

        if (checkSQLInjection($comment)) {
            insertComment($comment, $sender, $receiver, $postid);
        }
    } else {
        //Get comments petition
        getPostComments($postid);
    }
} else {
    //We know It is a chat message
    if (isset($_POST["check"])) {
        //Get chat messages
        getChatMessages($sender, $receiver);
    } else {
        //Here, We insert a new chat message
        $message = $_POST["message"];
        if (checkSQLInjection($message)) {
            insertMessage($message, $sender, $receiver);
        }
    }
}
function checkSQLInjection($data)
{
    $input = strtolower($data);
    if (strpos($input, 'select') !== 0 and strpos($input, 'alter table') !== 0 and strpos($input, 'update') !== 0 and strpos($input, 'delete') !== 0 and strpos($input, 'insert into') !== 0) {
        return 1;
    } else {
        return 0;
    }
}
function insertMessage($message, $sender, $receiver)
{

Example #5

Show file

File: search.php Project: SergioLazaro/PetSharing

//Check SQL INJECTION
function checkSQLInjection($data)
{
    $input = strtolower($data);
    if (strpos($input, 'select') !== 0 and strpos($input, 'alter table') !== 0 and strpos($input, 'update') !== 0 and strpos($input, 'delete') !== 0 and strpos($input, 'insert into') !== 0) {
        return 1;
    } else {
        return 0;
    }
}
?>
<script src="js/search.js"></script>
<div class="main-container">
        <div class="central-panel">
        	<?php 
if (isset($_POST["search"]) and $_POST["search"] !== "" and checkSQLInjection($_POST["search"])) {
    $search = $_POST["search"];
    $conn = mysqli_connect("localhost", "adminID5Rju3", "Rz5h2JWnm4xd", "tweb");
    if ($conn->connect_error) {
        ?>
		            <div class="alert alert-warning">
                		<a class="close" data-dismiss="alert" aria-label="close">&times;</a>
                		<strong>Warning!</strong> Conection problems.
            		</div>
		        <?php 
    } else {
        //First of all, we look for user
        $result = mysqli_query($conn, "SELECT name, surname, birth, gender, email \n\t\t\t        \tFROM user WHERE name = '{$search}' OR surname = '{$search}'");
        $i = 1;
        //If there is a user...
        if (($num_rows = mysqli_num_rows($result)) > 0) {