Archive for April, 2007

Forbidden Words

A keyword blacklist for SQL statements that can be dangerous: an array holding the words, and a loop that tests whether the submitted request contains any of them.

Treat it as a heuristic, not a defence. The test is a case-insensitive substring match, so harmless input such as "document" or "user" trips the DO and USE entries, while SELECT, UNION and OR are not on the list at all, so ' OR '1'='1 passes straight through. It also inspects only $_POST['request'] and nothing else. The reliable fix is to keep data out of the SQL text entirely, with prepared statements and bound parameters (mysqli or PDO in PHP); a filter like this can at most flag requests worth logging.

// blacklisted keywords plus the statement separator; matching is a case-insensitive substring test
$forbidden = array(';','DELETE','DO','INSERT','UPDATE','REPLACE','ALTER','CREATE','DROP','RENAME','DESCRIBE','USE','LOAD');
$request = isset($_POST['request']) ? $_POST['request'] : '';
$tmp_found = false;
foreach ($forbidden as $forbidden_word) {
	if (stristr($request, $forbidden_word) !== false) {
		$tmp_found = true;
		break; // one hit is enough
	}
}
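As an added example (not code from the original post), the same blacklist re-implemented in JavaScript so its two failure modes can be exercised offline: the plain substring match from the post, a word-boundary variant that looks like a fix, and a handful of constructed inputs. Nothing here touches a database; the `SAMPLES` list and its "malicious" labels are assumptions made for the demonstration.

```javascript
// Added example, not from the original post. Re-creates the PHP blacklist in
// JavaScript and measures how it misclassifies constructed inputs.
const FORBIDDEN = [';', 'DELETE', 'DO', 'INSERT', 'UPDATE', 'REPLACE', 'ALTER',
                   'CREATE', 'DROP', 'RENAME', 'DESCRIBE', 'USE', 'LOAD'];

// Equivalent of the post's stristr() loop: case-insensitive substring match.
function blockedBySubstring(request) {
  const upper = request.toUpperCase();
  return FORBIDDEN.some(word => upper.includes(word));
}

// A tempting "fix": whole-word matching, so "user" no longer trips USE.
function blockedByWord(request) {
  return FORBIDDEN.some(word => {
    if (word === ';') return request.includes(';');
    return new RegExp('\\b' + word + '\\b', 'i').test(request);
  });
}

// Constructed sample inputs (hypothetical). "malicious" means the string would
// change the meaning of a query such as
//   SELECT * FROM items WHERE name = '<request>'
const SAMPLES = [
  { request: "dominoes",                                     malicious: false },
  { request: "please USE the side door",                     malicious: false },
  { request: "loading dock",                                 malicious: false },
  { request: "' OR '1'='1",                                  malicious: true },
  { request: "' UNION SELECT name, secret FROM accounts -- ", malicious: true },
  { request: "x' AND SLEEP(5) AND 'a'='a",                   malicious: true },
  { request: "'; DROP TABLE items -- ",                      malicious: true },
];

// Tally false positives (benign input rejected) and false negatives
// (malicious input accepted) for a given filter.
function evaluate(filter) {
  const result = { falsePositives: [], falseNegatives: [] };
  for (const { request, malicious } of SAMPLES) {
    const blocked = filter(request);
    if (blocked && !malicious) result.falsePositives.push(request);
    if (!blocked && malicious) result.falseNegatives.push(request);
  }
  return result;
}
```

Both filters reject ordinary text ("dominoes", "loading dock") and both let the OR, UNION and SLEEP payloads through, because those never use a blacklisted word; only the stacked DROP is caught. Tightening the regex trades false positives for nothing, since the false negatives stay. Binding the value as a query parameter removes the problem instead of filtering around it.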

Prototype ajax updater response

Very important: every PHP script that answers an Ajax request must send this header, with the appropriate charset, before it produces any output (no whitespace before the opening PHP tag). The charset must match the encoding given to the Prototype call; declaring it explicitly also stops the browser from guessing the encoding of the reply.

header('Content-type: text/html; charset=iso-8859-1'); // before any output
echo date("Y-m-d H:i:s"); // example response body

Prototype: eval request response

new Ajax.Request(
	'../include/update_update_dropdown.php', {
		method: 'post',
		encoding: 'ISO-8859-1',
		// encode the id so '&', '=' or '#' in it cannot break the query string
		parameters: 'updateDropDown=1&sender=' + encodeURIComponent(sender.id),
		// the reply is executed as JavaScript: it must come only from this
		// script and must never contain unescaped user data
		onComplete: function(transport) { eval(transport.responseText); },
		asynchronous: true
});
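Executing the reply with eval means whoever controls, alters or injects into that reply runs code with the page's full privileges. As an added example (not code from the original post), here is the eval pattern beside a handler that treats the reply as data: the dropdown is modelled as a plain object and the replies are constructed strings, so it runs in Node without a browser. The select/options reply format, the Content-Type check and the handleWithJson name are assumptions for the demonstration.

```javascript
// Added example, not from the original post. Two ways to consume the reply of
// an Ajax call: the eval pattern, and a handler that only accepts a JSON
// document of a known shape. No DOM: the <select> is a plain object.

// Constructed stand-in for the dropdown the reply should update.
function makeDropdown() {
  return { id: 'country', options: [] };
}

// Pattern from the post: whatever arrives is executed. A direct eval sees the
// local `dropdown`, the globals, cookies, everything the page can reach.
function handleWithEval(responseText, dropdown) {
  eval(responseText);
  return dropdown;
}

// Hardened handler: the reply must be JSON describing this dropdown. It is
// parsed, validated and applied; nothing in it is ever executed.
function handleWithJson(responseText, contentType, dropdown) {
  if (!/^application\/json(\s*;|$)/i.test(contentType)) {
    throw new Error('unexpected Content-Type: ' + contentType);
  }
  let data;
  try {
    data = JSON.parse(responseText);      // rejects anything that is not JSON
  } catch (e) {
    throw new Error('reply is not JSON');
  }
  if (!data || typeof data !== 'object' ||
      data.select !== dropdown.id || !Array.isArray(data.options)) {
    throw new Error('reply does not describe this dropdown');
  }
  dropdown.options = data.options
    .filter(o => o && typeof o === 'object')
    .map(o => ({ value: String(o.value), label: String(o.label) })); // coerce, never interpret
  return dropdown;
}

// Constructed reply a hardened server would send (Content-Type: application/json).
// The second label is hostile text; it stays text because it is never executed.
const SAMPLE_REPLY = JSON.stringify({
  select: 'country',
  options: [{ value: 'fr', label: 'France' },
            { value: 'x',  label: '<script>alert(1)</script>' }],
});

// Constructed hostile reply: valid JavaScript, so eval runs it happily.
const HOSTILE_REPLY = "globalThis.stolen = 'session cookie'; dropdown.options = [];";
```

In the browser the same shape maps onto transport.getResponseHeader('Content-Type') and filling the select with new Option(label, value), which inserts the label as text rather than markup. Use onSuccess rather than onComplete for the callback, since onComplete also fires for error responses and evaluating an error page as script fails noisily.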