omerucel · January 27, 2011 17:16 · Jan 27, 2011
diff --git a/Security.php b/Security.php
@@ -0,0 +1,39 @@
+<?php
+class Security {
+
+	/**
+	 * if(Security::checkInjection($value)) {
+	 * 		error_log('Possible SQL/XSS injection attack detected with the request '.$value);
+	 * }
+	 *
+	 * @param  $value
+	 * @return bool
+	 */
+	public static function checkInjection($value)
+	{
+		$injections = array(
+			//SQL injections
+			'/(\%27)|(\')|(\-\-)|(\%23)|(#)/im',
+			'/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/im',
+			'/\d*((\%6F)|o|(\%4F))((\%72)|r|(\%52)).*(=).*/im',
+			'/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/im',
+			'/((\%27)|(\'))union/im',
+			'/(exec|call)(\s|\+)+(s|x)p\w+/im',
+			//XSS Injection
+			'/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/im',
+			'/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/im',
+			'/((\%3C)|<)[^\n]+((\%3E)|>)/i'
+		);
+
+		foreach ($injections as $regexp)
+		{
+			var_dump($regexp);
+			if (preg_match($regexp, $value))
+			{
+				return true;
+			}
+		}
+		return false;
+	}
+
+}