Hi!
I would like to allow some admins to manually enter SQL statements in a textfield (to get statistic data etc.). On the database layer, I protected the data by creating a user which can only select but not update/delete etc.
I would like to add a second security by checking the inserted SQL for bad words such as DROP, DELETE or UPDATE. I figured out how to do that with preg_match but I would love to have a smart script which can distinguish between a DROP and something like WHERE name = 'DROP 1'
EDIT: I would like to log if an admin tries to use such statements. That's why I need this second level security check. This is for clarification.
Does anyone know a code snippet which fits this example?
Thanks!!
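The distinction the post asks for (a DROP keyword versus the text DROP inside a quoted value) cannot be made reliably with a single regular expression, because a regex has no notion of where a string literal starts and ends. The added example below, which is not code from the original post, first walks the statement character by character and blanks out quoted literals and SQL comments, then runs preg_match with word boundaries over what remains. The function names, the keyword list and the log format are assumptions chosen for illustration.

```php
<?php
// Added example (not from the original post): scan a statement for denied
// keywords only where they would actually execute, i.e. outside string
// literals, quoted identifiers and comments. Names below are hypothetical.

/** Keywords the read-only admin field should never contain outside a literal. */
const DENIED_SQL_KEYWORDS = ['DROP', 'DELETE', 'UPDATE', 'INSERT', 'ALTER', 'TRUNCATE', 'GRANT'];

/**
 * Replace quoted strings/identifiers and comments with a single space,
 * leaving only the structural part of the statement.
 */
function stripSqlLiteralsAndComments(string $sql): string
{
    $out = '';
    $len = strlen($sql);
    $i = 0;
    while ($i < $len) {
        $c = $sql[$i];
        // Quoted region ('...', "..." or `...`): handles \' and '' escapes.
        if ($c === "'" || $c === '"' || $c === '`') {
            $quote = $c;
            $i++;
            while ($i < $len) {
                if ($sql[$i] === '\\' && $i + 1 < $len) { $i += 2; continue; }      // backslash escape
                if ($sql[$i] === $quote) {
                    if ($i + 1 < $len && $sql[$i + 1] === $quote) { $i += 2; continue; } // doubled quote
                    $i++;
                    break;
                }
                $i++;
            }
            $out .= ' ';
            continue;
        }
        // Line comment: "-- ..." (standard) or "# ..." (MySQL).
        if (($c === '-' && substr($sql, $i, 2) === '--') || $c === '#') {
            while ($i < $len && $sql[$i] !== "\n") { $i++; }
            $out .= ' ';
            continue;
        }
        // Block comment: /* ... */ ; an unterminated one swallows the rest.
        if ($c === '/' && substr($sql, $i, 2) === '/*') {
            $end = strpos($sql, '*/', $i + 2);
            $i = ($end === false) ? $len : $end + 2;
            $out .= ' ';
            continue;
        }
        $out .= $c;
        $i++;
    }
    return $out;
}

/**
 * Return the denied keywords that appear as whole words outside
 * literals and comments (empty array means the statement passes).
 */
function findDeniedSqlKeywords(string $sql, array $denied = DENIED_SQL_KEYWORDS): array
{
    $code = stripSqlLiteralsAndComments($sql);
    $found = [];
    foreach ($denied as $kw) {
        // \b keeps DROP from matching a column such as dropout_count.
        if (preg_match('/\b' . preg_quote($kw, '/') . '\b/i', $code)) {
            $found[] = $kw;
        }
    }
    return $found;
}

// Usage: constructed sample statements, one per case the post mentions.
$statements = [
    "SELECT id FROM users WHERE name = 'DROP 1'",      // keyword only inside a literal: ok
    "SELECT id FROM users -- DROP TABLE users",        // keyword only inside a comment: ok
    "DROP TABLE users",                                // denied
    "SELECT 1; delete FROM users WHERE name = 'x'",    // denied (case-insensitive)
];
foreach ($statements as $sql) {
    $hits = findDeniedSqlKeywords($sql);
    if ($hits) {
        // Log the attempt so it can be reviewed; the admin's identity is a placeholder.
        error_log(sprintf('[sql-admin] user=%s denied=%s sql=%s',
            'ADMIN_USERNAME_PLACEHOLDER', implode(',', $hits), $sql));
        echo "REJECTED: $sql\n";
    } else {
        echo "ok: $sql\n";
    }
}
```

The read-only database user stays the control that actually prevents damage; this scan only supplies the audit log the post asks for and a friendlier rejection. It deliberately treats a keyword inside a comment as harmless, since the database never executes comment text, and the `const` array needs PHP 5.6 or later.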