MEU CARRINHO
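// Session cookie hardening: send the session cookie only over HTTPS and keep it
// out of reach of document.cookie. Both directives are read when the session
// starts, so this must run before session_start() to have any effect.
// The '@' suppression was dropped so a failed ini_set() (it returns false) is
// not hidden from whoever is debugging; string values keep this working on
// PHP versions that only accept strings here.
// NOTE(review): session.cookie_samesite (PHP 7.3+) is not set; consider 'Lax'
// once any cross-site POST flows (e.g. payment-gateway callbacks) are checked.
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');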
if(!function_exists ('noSqlInjection')){
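/**
 * Legacy denylist filter applied to every $_GET / $_POST value.
 *
 * Behaviour (kept as in the original): trims the value, strips single quotes,
 * backslashes and the upper-case literal "UNION", then returns '' if the value
 * contains any entry of a fixed keyword list (case-insensitive substring
 * match). Values without any ASCII letter or digit skip the keyword check.
 *
 * NOTE(review): a keyword denylist is not a SQL-injection defence, and this
 * one also blanks legitimate input (any value containing e.g. "content",
 * "script", "function" or "sleep" becomes ''). The database layer must use
 * prepared statements with bound parameters regardless of this function;
 * treat it as legacy input normalisation only.
 *
 * Fixes vs. the original (targets PHP 7+): eregi() was removed in PHP 7 and
 * was a fatal error, so the check uses preg_match(); array values (field[]
 * inputs) are filtered element-wise instead of raising a TypeError in trim();
 * the dead "$string = ''" before the early return and the duplicate "update"
 * entry were dropped (no behaviour change).
 *
 * @param string|array $string raw request value
 * @return string|array filtered value, '' when a denylisted keyword is found
 */
function noSqlInjection($string){
    // Recurse into array inputs so each leaf value is filtered.
    if (is_array($string)) {
        $filtered = [];
        foreach ($string as $key => $value) {
            $filtered[$key] = noSqlInjection($value);
        }
        return $filtered;
    }

    $string = trim((string) $string);
    $string = str_replace("'", "", $string);      // strip single quotes
    $string = str_replace("\\", "", $string);     // strip backslashes
    $string = str_replace("UNION", "", $string);  // strip upper-case UNION only (case-sensitive, unlike the list below)

    // Quote-containing entries ("'", "'or'1'='1'") can never match because
    // quotes were already stripped above; kept for fidelity with the original.
    static $banlist = [
        "insert", "select", "update", "delete", "localhost", " distinct",
        " having", "truncate", "replace", " handler", " like", " or ",
        "procedure ", " limit", "order by", "group by", " asc", " desc", "'",
        "union all", "-shutdown", "'or'1'='1'", "--", " drop", "xp_", " *",
        " and", "qss", "xss", "script", "embed", "iframe", "content", '/*',
        'phpinfo', 'function', 'netstat', 'ping', 'sleep',
    ];

    // The keyword check only runs when the value has at least one ASCII
    // letter or digit (same guard the original expressed with eregi()).
    if (preg_match('/[a-zA-Z0-9]/', $string) === 1) {
        foreach ($banlist as $word) {
            // stripos() is the case-insensitive substring test the original
            // built from strtolower() + strpos() on a '0'-prefixed copy.
            if (stripos($string, $word) !== false) {
                return '';
            }
        }
    }

    return $string;
}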
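// Filter every $_POST and $_GET value in place before the rest of the page
// reads them. Keys are left untouched (the original only filtered values).
// The isset() guards were dropped: superglobals always exist, so the checks
// were always true and only added nesting.
// NOTE(review): $_REQUEST and $_COOKIE are separate copies and are NOT
// filtered here; any code reading them sees the raw request values.
foreach ($_POST as $key => $val) {
    $_POST[$key] = noSqlInjection($val);
}
foreach ($_GET as $key => $val) {
    $_GET[$key] = noSqlInjection($val);
}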
}
?>
Carrinho de Compras