A better way to block injections

2011-03-07 23:15:44 +00:00 · 2011-03-07 23:15:44 +00:00 · 7bd03b3b98
commit 7bd03b3b98
parent ecee1ec547
1 changed files with 5 additions and 13 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -87,23 +87,15 @@ function analyse_sql_and_script(&$var,$get)
 	{
 		foreach ($var as $key => $value)
 		{
-			/*if (test_sql_and_script_inject($key,$get) > 0) // We do not check key, only values
+			if (analyse_sql_and_script($value,$get))
+			{
+				$var[$key] = $value;
+			}
+			else
 			{
 				print 'Access refused by SQL/Script injection protection in main.inc.php';
 				exit;
 			}
-			else
-			{*/
-				if (analyse_sql_and_script($value,$get))
-				{
-					$var[$key] = $value;
-				}
-				else
-				{
-					print 'Access refused by SQL/Script injection protection in main.inc.php';
-					exit;
-				}
-			/*}*/
 		}
 		return true;
 	}