https://github.com/sinhapaurush/protection
- Host: GitHub
- URL: https://github.com/sinhapaurush/protection
- Owner: sinhapaurush
- Created: 2022-07-15T16:03:44.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-07-15T16:18:28.000Z (over 3 years ago)
- Last Synced: 2025-02-12T07:25:46.614Z (about 1 year ago)
- Language: PHP
- Size: 2.93 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: readme.md
README
# String Protection
This library has simple functions that strip special characters from strings, in order to make XSS and SQL injection attacks harder. Stripping characters is a defence-in-depth measure, not a replacement for the primary controls: prepared statements for SQL queries and output encoding (for example htmlspecialchars() in PHP) for HTML.
## clean()
Removes all special characters, including spaces, but keeps '@' and '.', which makes it suitable for e-mail addresses.
## cleanWithSpaces()
Removes all special characters except spaces and '@'.
## linient()
Only removes the SQL comment marker --, the quote characters ' and ", and the LIKE wildcard %, which makes the string less useful for SQL injection while leaving most other characters untouched.
### Example
```php
$email = $_POST['mail'];
$pass = $_POST['pass'];
// Raw interpolation: the query text is built directly from attacker-controlled input.
$query = "SELECT * FROM table WHERE email = '{$email}' AND password='{$pass}'";
```
The query above breaks if the user puts a ' in either variable, and an attacker can change the meaning of the query altogether, as shown below.
To bypass the password check, an attacker can submit "abc@xyz.com'--" as the e-mail address: the ' closes the string literal and -- starts a SQL comment, so the rest of the WHERE clause (the password comparison) is never evaluated. clean() strips both the quote and the dashes, so the value collapses to abc@xyz.com and the query keeps its intended shape.
Saving the variable like this helps:
```php
$email = clean($_POST['mail']);
```
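As an added example (not the library's own code: the page describes the three functions but does not show their source, so the implementations below are reconstructions of those descriptions and may differ from the real ones in exactly which characters they keep), here is the README's payload run through each function, next to the prepared-statement form that makes character stripping unnecessary for the SQL case. The table, rows and column names are constructed for the demonstration.

```php
<?php
// Added example; clean(), cleanWithSpaces() and linient() are reconstructed
// from the README's descriptions (assumption: the library's exact character
// set may differ).

function clean(string $s): string
{
    // Keep letters, digits, '@' and '.'; drop everything else, spaces included.
    return preg_replace('/[^A-Za-z0-9@.]/', '', $s);
}

function cleanWithSpaces(string $s): string
{
    // Keep letters, digits, '@' and spaces.
    return preg_replace('/[^A-Za-z0-9@ ]/', '', $s);
}

function linient(string $s): string
{
    // Strip only the SQL comment marker, both quote characters and the LIKE wildcard.
    return str_replace(['--', "'", '"', '%'], '', $s);
}

// Constructed attacker input from the README: closes the string literal, then
// comments out the rest of the WHERE clause.
$payload = "abc@xyz.com'--";
$pass    = 'wrong';

// 1. Raw interpolation: the password check disappears behind the comment.
$vulnerable = "SELECT * FROM users WHERE email = '{$payload}' AND password='{$pass}'";
echo $vulnerable, PHP_EOL;
// SELECT * FROM users WHERE email = 'abc@xyz.com'--' AND password='wrong'

// 2. Each filter neutralises this particular payload.
foreach (['clean', 'cleanWithSpaces', 'linient'] as $fn) {
    printf("%-18s -> %s\n", $fn . '()', $fn($payload));
}
// clean()            -> abc@xyz.com
// cleanWithSpaces()  -> abc@xyzcom      (the '.' is gone too: not usable for e-mail)
// linient()          -> abc@xyz.com

// 3. Prepared statement: the payload is bound as a value and never parsed as
//    SQL, so the input can be stored and compared without any stripping.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('abc@xyz.com', 'secret')");

$stmt = $db->prepare('SELECT * FROM users WHERE email = ? AND password = ?');
$stmt->execute([$payload, $pass]);
var_dump($stmt->fetch() === false);   // bool(true): no row matched, the bypass fails
```

Two caveats worth keeping in mind when using these filters. They change the data: a password containing ' or % is silently altered before it is stored or compared, and an address such as user+tag@example.com loses its '+' under clean(). And they only cover the characters they know about: the prepared statement in step 3 stops every injection regardless of payload, whereas the filters stop this one. Real login code would also compare the submitted password against a stored hash with password_verify() rather than against a plaintext column.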