| | |
|---|
| | | |
|---|
| | | if($ids_config['sql_scan_enabled'] == 'yes') { |
|---|
| | | |
|---|
| | | // Remove whitespace |
|---|
| | | $string = trim($string); |
|---|
| | | if(substr($string,-1) == ';') $string = substr($string,0,-1); |
|---|
| | | |
|---|
| | | // Save original string |
|---|
| | | $string_orig = $string; |
|---|
| | | |
|---|
| | | //echo $string; |
|---|
| | | $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"'); |
|---|
| | | $chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"'); |
|---|
| | | |
|---|
| | | $string = str_replace('\\\\', '', $string); |
|---|
| | | $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\]?)\\2/is', '$1', $string); |
|---|
| | | $string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string); |
|---|
| | | $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string); |
|---|
| | | $ok = true; |
|---|
| | | |
|---|
| | | if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) { |
|---|
