Hello,
How can I allow only the characters
a to z and the numbers 0 to 9 in my query? All other characters should not be allowed.
I'm using the following code:
$badword = array("select", "'", "drop", ";", "--", ".", "insert", "delete", "union", "xp_", "http", "/etc", "<", ">", "/", "=", "%");
switch ($_SERVER["REQUEST_METHOD"]) {
    case "POST":
        while (list($key, $val) = each($_POST)) {
            if (in_array($val, $badword)) {
                die("F**k You");
            }
            $$key = addslashes($val);
        }
        break;
    case "GET":
        while (list($key, $val) = each($_GET)) {
            if (in_array($val, $badword)) {
                die("F**k You");
            }
            $$key = addslashes($val);
        }
        break;
}
But if some user types view.php?id= SELECT, it won't detect it, because it is case sensitive.
Even if someone types %select, it does not detect it.
How can I split every single character and check whether it is in the banned words, regardless of case?
I think the best function I need is one that allows only the following characters:
a to z or A to Z
and 0 to 9
Thanks
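
An added example, not part of the original post: an allowlist check for the a-z, A-Z, 0-9 requirement asked about above, run over constructed inputs that include the `SELECT` and `%select` cases from the question. The function names `is_alnum_ascii` and `read_params`, the 64-character limit and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Allowlist check: true only for a non-empty string made of a-z, A-Z, 0-9.
 * \A and \z anchor the whole value; "$" would also accept a trailing newline.
 */
function is_alnum_ascii(mixed $value, int $maxLen = 64): bool
{
    // ?id[]=x arrives as an array, so reject anything that is not a string.
    if (!is_string($value) || strlen($value) > $maxLen) {
        return false;
    }
    return preg_match('/\A[a-zA-Z0-9]+\z/', $value) === 1;
}

/**
 * Copy only the expected keys into an array instead of creating variables
 * with $$key, which lets a request overwrite any variable in scope.
 * Returns null if a key is missing or fails the check.
 */
function read_params(array $source, array $expectedKeys): ?array
{
    $clean = [];
    foreach ($expectedKeys as $key) {
        if (!array_key_exists($key, $source) || !is_alnum_ascii($source[$key])) {
            return null;
        }
        $clean[$key] = $source[$key];
    }
    return $clean;
}

// Constructed sample inputs standing in for $_GET / $_POST.
$samples = [
    ['id' => 'abc123'],   // accepted
    ['id' => 'SELECT'],   // accepted: letters only, a keyword alone is not an injection
    ['id' => '%select'],  // rejected: "%" is outside the allowlist
    ['id' => "42\n"],     // rejected: trailing newline
    ['id' => ['42']],     // rejected: array value
    ['id' => ''],         // rejected: empty
];

foreach ($samples as $input) {
    $params = read_params($input, ['id']);
    echo json_encode($input), ' => ', $params === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

A value that passes this check still belongs in a prepared statement with bound parameters rather than in a concatenated query string; `addslashes()` is not a substitute for that.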