Quote:
Originally Posted by Hippy
what good data is it removing?
If you refer to this post:
https://vborg.vbsupport.ru/showpost....91&postcount=5
The code I am asking about is the loop that removes all the SQL keywords from the comments. Most, I'm sure, won't come across in normal comments, but filtering out parts like "or" and "and" is going to catch and mess up standard comments, as given in the example in that post:
"I got the high score!" -> "I got the high sce!"
"Got a great hand on the last round!" -> "Got a great h on the last round!"
Some basic words will get filtered as well, not just the bad SQL data, which is why I suggested that maybe this fix is not the best solution. The code I am questioning is quoted here:
PHP Code:
// Keep removing $replacethis from $inthis until a pass removes nothing, so
// that a keyword re-formed by an earlier removal (e.g. "seselectlect" ->
// "select") is caught on the next pass. The loop only terminates because
// $withthis ('' here) never re-introduces a needle.
// $replacethis may be a string or an array, which is why the exit test uses
// str_ireplace()'s $count argument: stristr() takes a single string needle,
// so testing the whole $sqlcomm array with it does not check what was intended.
function recursive_str_ireplace($replacethis, $withthis, $inthis)
{
    do
    {
        $inthis = str_ireplace($replacethis, $withthis, $inthis, $count);
    }
    while ($count > 0);

    return $inthis;
}
PHP Code:
// remove any SQL-commands
// Same list and same order as before (order matters: str_ireplace applies the
// needles one after another over the whole string). $value is whichever
// field ibp_cleansql is filtering at this point.
$sqlcomm = array(
    'create', 'database', 'table', 'insert', 'update', 'rename', 'replace',
    'select', 'handler', 'delete', 'truncate', 'drop', 'where', 'or', 'and',
    'values', 'set', 'password', 'salt', 'concat', 'schema',
);
$value = recursive_str_ireplace($sqlcomm, '', $value);
Some recent threads have started to appear complaining of errors, and this new code is also the source of those new problems: the new recursive_str_ireplace loop that replaces these parts of the comment field... and of any other field being filtered by the ibp_cleansql function.
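As an added illustration (not part of this thread and not the ibp_cleansql code), the post's keyword-stripping loop is re-implemented here in Python and run over the two comments quoted above plus two more inputs, next to a parameterised INSERT that stores the same kind of text untouched. The keyword list, its order and the two sample comments come from the post; the SQLite table, the `store_comment()` and `demo()` helpers, the extra sample comments and the hostile-looking comment string are assumptions constructed for this example. It shows two things the post argues around: a keyword blacklist mangles ordinary words (and needs a second pass for input like "seselectlect"), and binding the value as a query parameter stores it verbatim without any such filtering.

```python
import re
import sqlite3

# Keyword list and order copied from the post's $sqlcomm array; order matters
# because each needle is removed over the whole string before the next one.
SQL_KEYWORDS = [
    "create", "database", "table", "insert", "update", "rename", "replace",
    "select", "handler", "delete", "truncate", "drop", "where", "or", "and",
    "values", "set", "password", "salt", "concat", "schema",
]


def strip_once(text, needles=SQL_KEYWORDS):
    """One pass equivalent to PHP str_ireplace($needles, '', $text):
    case-insensitive, needle by needle, all non-overlapping occurrences."""
    for needle in needles:
        text = re.sub(re.escape(needle), "", text, flags=re.IGNORECASE)
    return text


def recursive_strip(text, needles=SQL_KEYWORDS):
    """The post's recursive_str_ireplace loop: repeat passes until a pass
    removes nothing. Terminates because each pass either shortens the text
    or leaves it unchanged. A keyword that an earlier removal re-forms
    ("seselectlect" -> "select") is only caught on the second pass."""
    while True:
        stripped = strip_once(text, needles)
        if stripped == text:
            return stripped
        text = stripped


# Constructed sample comments: the two from the post plus two more.
SAMPLE_COMMENTS = [
    "I got the high score!",
    "Got a great hand on the last round!",
    "Reset my password, I forgot it",   # several keywords in one sentence
    "seselectlect",                     # needs the second pass
]


def store_comment(conn, comment):
    """Insert with a bound parameter: the driver passes the text as data,
    so nothing in it is parsed as SQL. Returns the stored value."""
    cur = conn.execute("INSERT INTO comments(body) VALUES (?)", (comment,))
    row = conn.execute("SELECT body FROM comments WHERE id = ?",
                       (cur.lastrowid,)).fetchone()
    return row[0]


def demo():
    """Store a comment that looks like an injection attempt (constructed for
    this example) and return what came back plus the tables that still exist."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments(id INTEGER PRIMARY KEY, body TEXT)")
    hostile = "nice score'); DROP TABLE comments; --"
    stored = store_comment(conn, hostile)
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    return stored, tables


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(f"{comment!r:40} -> {recursive_strip(comment)!r}")
    stored, tables = demo()
    print("stored verbatim:", stored == "nice score'); DROP TABLE comments; --")
    print("tables left:", tables)
```

Run stand-alone it prints the mangled form of each sample comment and confirms that the parameterised insert kept the hostile-looking text as plain data while the table survived. Note that the Python version mirrors str_ireplace's semantics (case-insensitive, needle by needle, in list order); the exact output for a given comment depends on that order, e.g. "or" is removed from "password" before the "password" needle is ever reached.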