Creating super class for PHP form protection [closed]

1

I have the idea of trying to build a super class to protect forms.

Who has new ideas post there so I can update.

Does anyone add anything else?

function seguro($sql){
// remove palavras que contenham sintaxe sql
    $sql = preg_replace(prepared("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\)/"),"",$sql);
    $sql = strip_tags($sql);//tira tags html e php
    $sql = addslashes($sql);//Adiciona barras invertidas a uma string
    if(!get_magic_quotes_gpc()) {
        $obj = addslashes($sql);
        return $sql;
    }
    return $sql;
}
  

Version: 1.2

    
asked by anonymous 02.08.2017 / 14:02

1 answer

0

Use the PDO library to conduct queries and also to protect your queries. In your case, it would look like this:

//modo de usar pegando dados vindos do formulário
$nome = $_POST["nome"];
$senha = $_POST["senha"];

$pdo = new PDO('mysql:host=localhost;dbname=banco', 'usuario', 'senha');
$stmt = $pdo->prepare('SELECT * FROM usuario WHERE nome = :nome and senha = :senha');
$run = $stmt->execute(array(
    ":nome" => $nome,
    ":senha" => $senha,
));
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

Using this way, the prepare method of the PDO avoids SQL injection.

    
02.08.2017 / 14:42