Posted by muldoonaz on 09/08/05 00:33
Michael G wrote:
> The following is from
> http://php.mirrors.ilisys.com.au/manual/en/security.database.sql-injection.php .
>
> Would someone explain the following lines, in particular I don't understand
> '$paramArr[\'$1\']' nor do I understand how the syntax {1} works or how it
> is related to arrays?
>
> Thanks, mIke.
>
> <some code snipped>
> ...
> return preg_replace('/\{(.*?)\}/ei','$paramArr[\'$1\']', $queryString);
> }
>
> $sqlQuery = 'SELECT col1, col2 FROM tab1 WHERE col1 = {1} AND col3 = {2}
> LIMIT {3}';
> $stm = mysql_query(prepareSQL($sqlQuery, array('username', 24.3, 20)));
> ?>
Look at the snippet of code and you'll find your answer. The $paramArr
variable is passed with the calling of the function.
You'd type the following into your script: prepareSQL("something",
"here"); and "here" would become $paramArr.
-- code --
<?php
function prepareSQL($queryString, $paramArr) {
    // Normalise every parameter before it is substituted into the query.
    foreach (array_keys($paramArr) as $paramName) {
        if (is_int($paramArr[$paramName])) {
            // Integers are inserted as bare numeric literals.
            $paramArr[$paramName] = (int)$paramArr[$paramName];
        }
        elseif (is_numeric($paramArr[$paramName])) {
            // Numeric strings become floats, also inserted bare.
            $paramArr[$paramName] = (float)$paramArr[$paramName];
        }
        elseif (($paramArr[$paramName] != 'NULL') and
                ($paramArr[$paramName] != 'NOT NULL')) {
            // The SQL keywords NULL / NOT NULL pass through unquoted; every
            // other value is escaped and wrapped in single quotes.
            // stripslashes() first removes any slashes added by magic_quotes_gpc,
            // so the value is not escaped twice.
            $paramArr[$paramName] =
                mysql_real_escape_string(stripslashes($paramArr[$paramName]));
            $paramArr[$paramName] = '\''.$paramArr[$paramName].'\'';
        }
    }
    // The /e modifier evaluates the replacement as PHP code after $1 has been
    // filled in, so each {name} in the query becomes the value of
    // $paramArr['name'] (for {1}, that is $paramArr['1'], i.e. key 1).
    // /e was deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback()
    // is the replacement for it.
    return preg_replace('/\{(.*?)\}/ei','$paramArr[\'$1\']', $queryString);
}
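The following is an added example, not code from muldoonaz's post or from the PHP manual. It reimplements the placeholder substitution with preg_replace_callback() so the mapping from {token} to $paramArr[token] is visible without the /e eval trick, and it shows what happens to a value that contains a quote. The escape closure is an assumption standing in for mysql_real_escape_string() so the script runs without a database; quoteValue(), the named placeholders and the sample values are likewise constructed for the demonstration.

```php
<?php
// Added example: preg_replace_callback() version of prepareSQL().
// The $escape callable is a stand-in for mysql_real_escape_string()
// (assumption: no MySQL connection is available when this runs).

function quoteValue($value, callable $escape): string {
    if (is_int($value)) {
        return (string) $value;                   // bare integer literal
    }
    if (is_float($value) || is_numeric($value)) {
        return (string) (float) $value;           // bare numeric literal
    }
    if ($value === 'NULL' || $value === 'NOT NULL') {
        return $value;                            // SQL keywords, left unquoted
    }
    return "'" . $escape((string) $value) . "'";  // everything else: escaped and quoted
}

function prepareSQL(string $queryString, array $paramArr, callable $escape): string {
    // Each {token} is looked up as $paramArr[token]; the /e version of the
    // original did this by eval'ing "$paramArr['$1']" for every match.
    return preg_replace_callback(
        '/\{(.*?)\}/',
        function (array $m) use ($paramArr, $escape): string {
            $key = $m[1];
            if (!array_key_exists($key, $paramArr)) {
                // The original silently substituted an empty string here,
                // producing a broken query instead of an error.
                throw new InvalidArgumentException("no parameter for placeholder {{$key}}");
            }
            return quoteValue($paramArr[$key], $escape);
        },
        $queryString
    );
}

// Stand-in escaper (assumption): backslash-escapes the characters that
// mysql_real_escape_string() handles, without needing a connection.
$escape = function (string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
    ]);
};

// Named placeholders avoid the off-by-one confusion in the question.
$sql = 'SELECT col1, col2 FROM tab1 WHERE col1 = {user} AND col3 = {score} LIMIT {n}';

// Constructed input: the first value carries an embedded quote.
$params = ['user' => "alice' OR '1'='1", 'score' => 24.3, 'n' => 20];
echo prepareSQL($sql, $params, $escape), "\n";

// The question's array('username', 24.3, 20) has keys 0, 1, 2, so with that
// array {1} is 24.3 and {0} is 'username': numeric placeholders must match
// the array's actual keys.
$numbered = ['username', 24.3, 20];
echo prepareSQL('SELECT {0}, {1}, {2}', $numbered, $escape), "\n";

// A placeholder with no matching key is now rejected rather than blanked.
try {
    prepareSQL('SELECT {3}', $numbered, $escape);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run it with any PHP 7 or later interpreter. The first query comes out with the hostile value wrapped in single quotes and its embedded quotes backslash-escaped, the float and integer inserted bare; the second shows that {0}, not {1}, selects 'username' from a zero-indexed array; the third demonstrates the unknown-placeholder check, which the original code lacks.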