class Sanitize
{
private $data;
public function __construct($input)
{
$this->data = $input;
}
public function getData()
{
return $this->data;
}
public function sanitize()
{
$this->data = mysql_real_escape_string($this->data);
}
}
$sanitizer = new Sanitize($tainted);
$sanitizer->sanitize();
$tainted = $sanitizer->getData();
$query = sprintf("SELECT * FROM '%s'", $tainted);
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// Connection to the database (address, user, password)
mysql_select_db('dbname');
echo "query : " . $query . "<br /><br />";
$res = mysql_query($query);
//execution
while ($data = mysql_fetch_array($res)) {
print_r($data);
echo "<br />";
}
mysql_close($conn);
MODIFICATIONS.*/
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("file", "/tmp/error-output.txt", "a"));
$cwd = '/tmp';
$process = proc_open('more /tmp/tainted.txt', $descriptorspec, $pipes, $cwd, NULL);
if (is_resource($process)) {
fclose($pipes[0]);
$tainted = stream_get_contents($pipes[1]);
fclose($pipes[1]);
$return_value = proc_close($process);
}
class Sanitize
{
public function sanitize($input)
{
return mysql_real_escape_string($input);
}
}
$temp = new Sanitize();
$tainted = $temp->sanitize($tainted);
$query = "SELECT lastname, firstname FROM drivers, vehicles WHERE drivers.id = vehicles.ownerid AND vehicles.tag=' {$tainted} '";
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// Connection to the database (address, user, password)
mysql_select_db('dbname');
echo "query : " . $query . "<br /><br />";
$res = mysql_query($query);
//execution
while ($data = mysql_fetch_array($res)) {
print_r($data);
echo "<br />";
}
mysql_close($conn);
