Is this safe?

<?php
 
    function build_key_query($sql)
    {
        // Allowed SQL query functions to be performed.
        $sql_queries = array(
                            'SELECT',
                            'FROM',
                            'LEFT JOIN',
                            'JOIN',
                            'RIGHT JOIN',
                            'FULL JOIN',
                            'WHERE',
                            'ORDER BY',
                            'ASC',
                            'DESC'
        );
 
        // Checking if $sql is an array
        if(!is_array($sql))
        {
            trigger_error('The variable <strong>$sql</strong> is not an array ', E_USER_ERROR);
        }
       
        // Checking if $sql is a valid array
        if(!rkey_exists($sql, $sql_queries))
        {
            trigger_error('The variable <strong>$sql</strong> is not a valid array ', E_USER_ERROR);
        }
       
        // Looping through the SQL array and creating the query
        foreach($sql as $type => $query)
        {
            $squery .= ' ' . strtoupper($type) . ' ' . strtolower($query);
        }
       
        // Returning the build query
        return trim($squery);
    }
 
    function rkey_exists($needle, $haystack)
    {
        // Checking if $needle or $haystack are arrays
        if(!is_array($needle) || !is_array($haystack))
        {
            trigger_error('The variable <strong>$needle</strong> or <strong>$haystack</strong> is not an array ', E_USER_ERROR);
        }
   
        $i = 0;
       
        // Looping through the needle and setting the $stack to be the key
        foreach($needle as $stack => $dull)
        {
            // Checking if $stack exists in $haystack
            if(!in_array($stack, $haystack))
            {
                // $stack does not exist in $haystack... return false, then break.
                return false;
                break;
            }
            ++$i;
        }
       
        // All of the $stacks were in $haystack... return true
        return true;
    }
?>

I'm pretty sure that it is. I made this function because I plan to build something bigger on top of it (an easy, automated system), but before I go on, I just want to know whether it's safe enough.
