document.write('

'); document.write('
'); document.write('<?php
'); document.write('        function anti_injection( $user, $pass ) {
'); document.write('                # We\'ll first get rid of any special characters using a simple regex statement.
'); document.write('                # After that, we\'ll get rid of any SQL command words using a string replacment.
'); document.write('                $banlist = array (
'); document.write('                        "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace",
'); document.write('                        "handler", "like", " as ", "or ", "procedure", "limit", "order by", "group by", "asc", "desc"
'); document.write('                );
'); document.write('                // ---------------------------------------------
'); document.write('                if ( eregi ( "[a-zA-Z0-9]+", $user ) ) {
'); document.write('                        $user = trim ( str_replace ( $banlist, \'\', strtolower ( $user ) ) );
'); document.write('                } else {
'); document.write('                        $user = NULL;
'); document.write('                }
'); document.write('                // ---------------------------------------------
'); document.write('                # Now to make sure the given password is an alphanumerical string
'); document.write('                # devoid of any special characters. strtolower() is being used
'); document.write('                # because unfortunately, str_ireplace() only works with PHP5.
'); document.write('                if ( eregi ( "[a-zA-Z0-9]+", $pass ) ) {
'); document.write('                        $pass = trim ( str_replace ( $banlist, \'\', strtolower ( $pass ) ) );
'); document.write('                } else {
'); document.write('                        $pass = NULL;
'); document.write('                }
'); document.write('                // ---------------------------------------------
'); document.write('                # Now to make an array so we can dump these variables into the SQL query.
'); document.write('                # If either user or pass is NULL (because of inclusion of illegal characters),
'); document.write('                # the whole script will stop dead in its tracks.
'); document.write('                $array = array ( \'user\' => $user, \'pass\' => $pass );
'); document.write('                // ---------------------------------------------
'); document.write('                if ( in_array ( NULL, $array ) ) {
'); document.write('                        die ( \'Invalid use of login and/or password. Please use a normal method.\' );
'); document.write('                } else {
'); document.write('                        return $array;
'); document.write('                }
'); document.write('        }
'); document.write('?>
'); document.write('
'); document.write(' 
'); document.write('
 
Brought to you by the community at byteMyCode.
');