PHP-SECURITY-CODE/SQL-INJECTION.php at main · MacWill20/PHP-SECURITY-CODE · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<?php
    //Patterns, used to detect Malicous Request (SQL Injection)
$patterns = array(
        "+select+",
        "+union+",
        "union+",
        "+or+",
        "**/",
        "/**",
        "0x3a",
        "/*",
        "*/",
        "*",
        ";",
        "||",
        "' #",
        "or 1=1",
        "'1'='1",
        "S@BUN",
        "`",
        "'",
        '"',
        "<",
        ">",
        "1,1",
        "1=1",
        "sleep(",
        "%27",
        "<?",
        "<?php",
        "?>",
        "../",
        "loopback",
        "%0A",
        "%0D",
        "%3C",
        "%3E",
        "%00",
        "%2e%2e",
        "input_file",
        "path=.",
        "mod=.",
        "eval\(",
        "javascript:",
        "base64_",
        "boot.ini",
        "etc/passwd",
        "self/environ",
        "echo.*kae",
        "=%27$"
    );
?>