3v4l.org

run code in 300+ PHP versions simultaneously
<?php

$search = 'a\' UNION (SELECT 1, fname, username, password FROM users);--';
$keywords = ["SELECT", "FROM", "WHERE", "LIKE", "AND", "OR", "ON", "UNION", "JOIN"];

// sprintf requires textual percent signs to be escaped as %%
$query = 'SELECT * FROM shopping WHERE title LIKE \'%%%s%%\'';

foreach ($keywords as $w) {
    if (false !== stripos($search, $w)) {
        // found a keyword build the replacement capture groups.
        $patterns = '/\b(' . implode('|', $keywords) . ')\b/i';
        $query = preg_replace($patterns, '$1JERRY', $query);
        break;
    }
}

printf($query, $search);
