Error in PHP 7: Call to undefined function sql_regcase

-1

Does anyone know what this function would look like in PHP 7?

function AntiSqlInjection($dados){
    if (!get_magic_quotes_gpc){
        addslashes($dados);
    }

    $dados= strip_tags($dados);
    $dados= preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables)/"),'', $dados);
    return $dados;
}//end

$usuario= AntiSqlInjection($usuario);
$senha= AntiSqlInjection($senha);
    
asked by anonymous 01.03.2018 / 17:30

2 answers

2

sql_regcase became obsolete a long time ago; as an alternative you can try using:

Of course you will have to adapt the code and read the documentation on how to use it, not just swap it in. However, if it is MySQL and what you want to do is anti-injection, I really recommend that, instead of doing all this, you simply use the ready-made functions of the new APIs that already exist.

You are probably using the old API, even though the functions are prefixed with mysql_; if it is difficult to adjust the code for the most modern APIs like PDO or MySQLi, then simply use:

  • mysql_real_escape_string (which of course is obsolete too, since it is part of the old API, as it starts with mysql_)

It should look like this:

$usuario= mysql_real_escape_string($usuario);
$senha= mysql_real_escape_string($senha);

However, it is highly recommended that you change your code as soon as possible to PDO or MySQLi, since functions with the mysql_ prefix no longer work in newer versions of PHP (PHP 7+), and so sooner or later you will need to migrate to a server with PHP 7 (if your server uses PHP 5). I recommend that you read:

If you use the mysqli API, a simple way to avoid injection is to use mysqli_real_escape_string, for example:

<?php
$link = mysqli_connect("localhost", "usuario", "senha", "banco");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Conexão falhou: %s\n", mysqli_connect_error());
    exit;
}

/* escape the values for use inside single-quoted SQL strings */
$usuario = mysqli_real_escape_string($link, $_POST['usuario']);
$senha = mysqli_real_escape_string($link, $_POST['senha']);

if ($result = mysqli_query($link, "SELECT * FROM usuarios WHERE login='$usuario' AND senha='$senha'")) {
    // ... rest of the code here
}

mysqli_close($link);

Or you may prefer prepared statements, with which you do not need to escape the strings:

<?php
$link = mysqli_connect("localhost", "usuario", "senha", "banco");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Conexão falhou: %s\n", mysqli_connect_error());
    exit;
}

$usuario = $_POST['usuario'];
$senha = $_POST['senha'];

/* prepare a statement */
if ($stmt = mysqli_prepare($link, "SELECT * FROM usuarios WHERE login=? and senha=?")) {

    /* bind parameters for markers: one call, one type letter per marker */
    mysqli_stmt_bind_param($stmt, "ss", $usuario, $senha);

    /* execute the query */
    mysqli_stmt_execute($stmt);

    // ... rest of the code here ...

    /* close the statement */
    mysqli_stmt_close($stmt);
}

/* close the connection */
mysqli_close($link);
    
01.03.2018 / 18:17
1

This is a function that has been deprecated (has become obsolete) for many years, but you can generate something generic:

function my_Sql_regcase($str){

    $res = "";

    // Replace each ASCII letter with a two-character class, e.g. "a" => "[Aa]",
    // and copy every other character unchanged.
    $chars = str_split($str);
    foreach($chars as $char){
        if(preg_match("/[A-Za-z]/", $char)){
            $res .= "[".mb_strtoupper($char, 'UTF-8').mb_strtolower($char, 'UTF-8')."]";
        }else{
            $res .= $char;
        }
    }

    return $res;
}

You can use the function as follows

$dados= preg_replace(my_Sql_regcase("/(from|select|insert|delete|where|drop table|show tables)/"),'', $dados);
    
01.03.2018 / 17:47
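The two approaches on this page side by side, as an added example that is not part of the original question or answers: the question's keyword filter (with the removed sql_regcase() replaced by the /i regex flag) next to a login check that uses bound parameters. Assumptions: PDO with in-memory SQLite instead of MySQL so that it runs without a server, a senha_hash column filled with password_hash(), hypothetical function names, and constructed sample accounts.

```php
<?php
// Added example. Table layout, function names and sample rows are assumptions.
// Requires the pdo_sqlite extension.

// The question's filter; the /i flag does what sql_regcase() was used for.
function keywordFilter(string $dados): string {
    $dados = strip_tags($dados);
    return preg_replace('/(from|select|insert|delete|where|drop table|show tables)/i', '', $dados);
}

function createUser(PDO $pdo, string $login, string $senha): void {
    $stmt = $pdo->prepare('INSERT INTO usuarios (login, senha_hash) VALUES (?, ?)');
    $stmt->execute([$login, password_hash($senha, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $pdo, string $login, string $senha): bool {
    // The placeholder keeps the value out of the SQL text entirely,
    // so no escaping or keyword stripping is needed.
    $stmt = $pdo->prepare('SELECT senha_hash FROM usuarios WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($senha, $hash);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (login TEXT PRIMARY KEY, senha_hash TEXT NOT NULL)');

// Constructed sample accounts: ordinary values that contain a quote or a keyword.
createUser($pdo, "d'avila", 'Where-is-my-2018-cat');
createUser($pdo, 'fromage', 'insert coin');

// 1. Bound parameters: quotes and keywords are stored and compared as plain data.
var_dump(checkLogin($pdo, "d'avila", 'Where-is-my-2018-cat'));
var_dump(checkLogin($pdo, "d'avila", 'wrong password'));

// 2. The keyword filter silently rewrites legitimate input before it is used,
//    so a valid account can no longer be looked up with the filtered login.
var_dump(keywordFilter('fromage'));
var_dump(keywordFilter('Where-is-my-2018-cat'));
var_dump(checkLogin($pdo, keywordFilter('fromage'), 'insert coin'));
```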