<?php function sqli_filter($string) { $filtered_string = $string; $filtered_string = str_replace("--","",$filtered_string); $filtered_string = str_replace(";","",$filtered_string); $filtered_string = str_replace("/*","",$filtered_string); $filtered_string = str_replace("*/","",$filtered_string); $filtered_string = str_replace("//","",$filtered_string); $filtered_string = str_replace(" ","",$filtered_string); $filtered_string = str_replace("#","",$filtered_string); $filtered_string = str_replace("||","",$filtered_string); $filtered_string = str_replace("admin'","",$filtered_string); $filtered_string = str_replace("UNION","",$filtered_string); $filtered_string = str_replace("COLLATE","",$filtered_string); $filtered_string = str_replace("DROP","",$filtered_string); return $filtered_string; } $u = sqli_filter("' union all select password from users where type = 'Admin"); $sql = "SELECT salt FROM users WHERE eid='$u'"; echo $sql;
You have javascript disabled. You will not be able to edit any code.