
Help with eregi & eregi_replace - PHP Development


  1. #1

    Help with eregi & eregi_replace

    Hello all.
    I am starting to work on a URL "cleaner" of sorts. The code below is only
    checking for a few simple entries on the URL, but for some reason it is not
    replacing them with "" when found.
    $qs and $clean_qs produce the same results.

    Also, can someone who is fluent with regex stuff take a look at my
    eregi expressions? I'm not sure if this is the most efficient way of
    searching through the URL for a match.

    $qs = $PHP_SELF . "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
    $urlcheck = array (
        "%20OR%20",
        "--",
        "xp_cmdshell"
    );
    $urlclean = array (
        "",
        "",
        ""
    );
    $badurl = 0;
    while (list ($key, $val) = each ($urlcheck)) {
        if (eregi($val, $qs)) {
            $badurl = 1;
        }
    }
    $clean_qs = eregi_replace ($urlcheck, $urlclean, $qs);
    echo $qs;
    echo "<br>";
    echo $clean_qs;

    Many thanks all.


    fartsniff Guest

  2. #2

    Re: Help with eregi & eregi_replace

    ok. since my last post, i have been tinkering =) this is what i have so far,
    but i have yet another question.

    1) does anyone know of other SQL Injection style commands that can be
    passed, so that I can add them to my array ?

    2) in my $urlcheck array what is the best way to search for ANY that is
    entered like 1=1, or 2=2, etc. now granted, if the %20OR%20 is detected the
    1=1 usually would follow, so the $badurl would be "flagged" anyway, but
    without entering a bunch of 1=1, 2=2, etc. is there an easier way ?

    $qs = $PHP_SELF . "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
    $urlcheck = array (
        "%20OR%20",
        "--",
        "xp_cmdshell",
        "1=1"
    );
    $badurl = 0;
    while (list ($key, $val) = each ($urlcheck)) {
        if (eregi($val, $qs)) {
            $badurl = 1;
        }
    }

    if ($badurl) {
        $clean_qs = str_replace ($urlcheck, "", $qs);
        header("Location: http://" . $_SERVER['SERVER_NAME'] . $clean_qs);
    }

    Thanks again, back to tinkering...


    fartsniff Guest
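
One way to handle the "1=1, 2=2, etc." question from post #2, as an added example that is not part of the original thread: a PCRE backreference matches any number compared with itself, and matching on the decoded parameter values covers every encoding of a space rather than only `%20`. The function name `suspiciousParams`, the pattern names and the sample query strings are constructed for illustration, and PHP 7 or later is assumed. A check like this is for flagging and logging requests; the queries themselves should still use bound parameters.

```php
<?php
// Added example: flag suspicious query strings for logging or rejection.
// Patterns use PCRE (preg_*); the ereg* family was removed in PHP 7.

// The thread's tokens, plus a backreference for "N=N" comparisons.
const SUSPICIOUS_PATTERNS = [
    'or_keyword'  => '/\bor\b/i',            // covers %20OR%20 once decoded
    'sql_comment' => '/--/',
    'xp_cmdshell' => '/xp_cmdshell/i',
    'tautology'   => '/\b(\d+)\s*=\s*\1\b/', // 1=1, 2=2, 10 = 10, ...
];

/**
 * Return the names of the patterns that match any decoded parameter value.
 */
function suspiciousParams(string $queryString): array
{
    parse_str($queryString, $params);   // decodes %20 and + to spaces
    $hits = [];
    array_walk_recursive($params, function ($value) use (&$hits) {
        foreach (SUSPICIOUS_PATTERNS as $name => $pattern) {
            if (preg_match($pattern, (string) $value) === 1) {
                $hits[$name] = true;
            }
        }
    });
    return array_keys($hits);
}

// Constructed sample query strings (not taken from the thread).
$samples = [
    'id=42&sort=name',
    'id=1%20OR%201=1',
    'id=7+or+12=12--',
    'q=order+form',      // "or" inside a word must not be flagged
];
foreach ($samples as $qs) {
    $hits = suspiciousParams($qs);
    printf("%-18s %s\n", $qs, $hits ? 'FLAG (' . implode(', ', $hits) . ')' : 'ok');
}
```

Ordinary text such as a search for "this or that" also matches the `or_keyword` pattern, which is why the result is better used to reject or log a request than to rewrite the URL and redirect.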
