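// NOTE(review): in the captured page this block appears as rendered text, i.e. the
// server emitted the source instead of executing it. Confirm the file opens with
// `<?php` (not the short `<?` tag) and that this include is actually executed; as
// served, neither the cookie flags nor the request filtering below take effect.
//
// The filter below is a keyword blacklist. It is NOT a substitute for prepared
// statements (PDO / mysqli with bound parameters): any payload that avoids the
// listed words passes, and legitimate input containing "content", "function",
// "script", " and", " like", " *" ... is silently blanked. Treat it as
// defence-in-depth at most and parameterise every query that uses these values.

// Mark the session cookie Secure/HttpOnly only while no session is active: once
// session_start() has run these settings cannot change and PHP emits a warning
// (the original hid that with `@`).
if (session_status() === PHP_SESSION_NONE) {
    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_httponly', '1');
}

if (!function_exists('noSqlInjection')) {
    /**
     * Legacy request filter: trims the value, strips single quotes, backslashes
     * and the literal (case-sensitive) "UNION", then returns '' if any
     * blacklisted keyword occurs anywhere in the remaining text (case-insensitive).
     *
     * Arrays (e.g. `field[]` form inputs) are filtered element by element; the
     * original passed them straight to trim(), which is a TypeError on PHP 8.
     *
     * @param mixed $string raw request value (string, scalar or nested array)
     * @return string|array filtered value; '' when a blacklisted word was found
     */
    function noSqlInjection($string)
    {
        if (is_array($string)) {
            foreach ($string as $k => $v) {
                $string[$k] = noSqlInjection($v);
            }
            return $string;
        }

        $string = trim((string) $string);
        $string = str_replace("'", '', $string);     // strip single quotes <'>
        $string = str_replace('\\', '', $string);    // strip backslashes <\>
        $string = str_replace('UNION', '', $string); // strip the UNION keyword

        $banlist = [
            'insert', 'select', 'update', 'delete', 'localhost', ' distinct',
            ' having', 'truncate', 'replace', ' handler', ' like', ' or ',
            'procedure ', ' limit', 'order by', 'group by', ' asc', ' desc', "'",
            'union all', 'update', '-shutdown', "'or'1'='1'", '--', ' drop', 'xp_',
            ' *', ' and', 'qss', 'xss', 'script', 'embed', 'iframe', 'content',
            '/*', 'phpinfo', 'function', 'netstat', 'ping', 'sleep',
        ];

        // eregi() was removed in PHP 7.0; its pattern only asked "contains at
        // least one ASCII alphanumeric", which preg_match expresses directly.
        if (preg_match('/[a-zA-Z0-9]/', $string) === 1) {
            $lower = strtolower($string);
            foreach ($banlist as $word) {
                // strpos(strtolower('0'.$s), $w) > 0 in the original was just
                // "found anywhere" with an offset trick; !== false says the same.
                if (strpos($lower, strtolower($word)) !== false) {
                    return '';
                }
            }
        }

        return $string;
    }

    // The request is only filtered on the first definition of the function:
    // if another include defined noSqlInjection() earlier, these loops are
    // skipped entirely (kept as in the original; callers may rely on it).
    foreach ($_POST as $key => $val) {
        $_POST[$key] = noSqlInjection($val);
    }
    foreach ($_GET as $key => $val) {
        $_GET[$key] = noSqlInjection($val);
    }
}
?>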