Found such protection here:
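<?php
// Remote address is captured before any request parameter is copied into a
// variable; the loops at the bottom of this file never overwrite it.
$ip = getenv('REMOTE_ADDR');

/**
 * Legacy request "sanitiser": HTML-encodes $_GET/$_POST and screens them
 * against a fixed list of SQL keywords.
 *
 * NOTE(review): a keyword deny-list does not make SQL safe. It is compared
 * token by token and case-exactly, so it is trivially bypassed (mixed case,
 * comments, tabs instead of spaces, encodings, or a query that needs none of
 * these words), and it rejects legitimate input such as the English words
 * "from", "or" and "and". The only reliable defence is prepared statements
 * with bound parameters; treat this class as defence-in-depth at most.
 */
class InitVars
{
    // Tokens (compared exactly, after splitting on single spaces) that make
    // checkVars() abort the request. Public so code that reads or extends the
    // list keeps working.
    public $deny_words = array(
        "union", "char", "players", "from", "truncate", "table", "select",
        "update", "drop", "delete", "benchmark", "order", "limit",
        "UNION", "CHAR", "DROP", "FROM", "SELECT", "UPDATE", "DELETE",
        "ORDER", "PLAYERS", "TRUNCATE", "LIMIT", "TABLE",
        "Union", "Players", "From", "Truncate", "Table", "Select", "Update",
        "Char", "Drop", "Delete", "Benchmark", "Order", "Limit",
        "or", "OR", "Or", "and", "AND", "And",
    );

    public function __construct()
    {
    }

    // PHP4-style constructor kept as a plain method for callers that invoke
    // it explicitly; PHP 8 no longer treats it as a constructor.
    public function InitVars()
    {
    }

    /**
     * True when $name may be used as a variable-variable without touching a
     * superglobal, $this, or a name PHP would reject (numeric keys included).
     *
     * @param mixed $name request array key
     * @return bool
     */
    public static function isSafeVarName($name)
    {
        static $reserved = array(
            'GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER',
            '_ENV', '_REQUEST', '_SESSION', 'this',
        );

        return is_string($name)
            && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) === 1
            && !in_array($name, $reserved, true);
    }

    /**
     * Copies scalar $_GET and $_POST entries into global variables of the same
     * name (e.g. $_GET['psw'] becomes $psw), HTML-encoded with slashes
     * stripped. $_POST wins when a key appears in both.
     *
     * The original tested is_array() on the *target* variable, which made the
     * method a no-op for any variable that did not already hold an array; the
     * comment it carried describes the behaviour implemented here. Array
     * values are skipped, and keys naming superglobals or $this are ignored
     * so a request cannot replace them.
     *
     * NOTE(review): this is register_globals emulation — any global that a
     * page defines and that shares a name with a request key is overwritten.
     */
    public function convertArray2Vars()
    {
        foreach (array($_GET, $_POST) as $source) {
            foreach ($source as $name => $value) {
                if (is_array($value) || !self::isSafeVarName($name)) {
                    continue;
                }
                $GLOBALS[$name] = htmlspecialchars(stripslashes($value));
            }
        }
    }

    /**
     * HTML-encodes every $_GET and $_POST string in place (after stripslashes)
     * and aborts via antihack() if any space-separated token of any value is
     * listed in $this->deny_words. Nested arrays are handled recursively; the
     * original passed them straight to stripslashes().
     *
     * NOTE: the loop at the bottom of this file already HTML-encodes both
     * arrays, so calling this afterwards encodes the values a second time.
     */
    public function checkVars()
    {
        $_GET = $this->screenArray(
            $_GET,
            "Послушайте, мои маленькие хакеры... Несанкционированный доступ в БД карается лишением свободы на срок от 3-х до 5-ти лет. <br>Вам ведь не нужны проблемы?. "
        );
        $_POST = $this->screenArray(
            $_POST,
            "Послушайте, мои маленькие хакеры... Несанкционированный доступ в БД карается лишением свободы на срок от 3-х до 5-ти лет. <br>Вам ведь не нужны проблемы?."
        );
    }

    /**
     * Returns $arr with every string replaced by htmlspecialchars(stripslashes())
     * of itself; calls antihack($msg) — which terminates the script — as soon
     * as one of the encoded value's space-separated tokens is in deny_words.
     *
     * @param array  $arr request array (any depth)
     * @param string $msg message handed to antihack()
     * @return array
     */
    private function screenArray($arr, $msg)
    {
        foreach ($arr as $key => $value) {
            if (is_array($value)) {
                $arr[$key] = $this->screenArray($value, $msg);
                continue;
            }
            $clean = htmlspecialchars(stripslashes($value));
            $arr[$key] = $clean;
            foreach (explode(" ", $clean) as $token) {
                // strict: both sides are strings, so === matches the old
                // loose comparison without numeric-string surprises
                if (in_array($token, $this->deny_words, true)) {
                    $this->antihack($msg);
                }
            }
        }

        return $arr;
    }

    /**
     * Prints an error line and terminates the script.
     *
     * $msg is echoed unescaped, so it must only ever be a fixed literal from
     * this class — never request data.
     *
     * @param string $msg
     */
    public function antihack($msg)
    {
        echo "<font color='red'><b>Ошибка: </b></font>$msg<br>\n";
        die;
    }
}

/**
 * Builds a character => replacement map from two parallel strings, one
 * Cyrillic letter to one Latin letter.
 *
 * strtr()'s three-argument form works byte by byte, so with a UTF-8 source
 * (two bytes per Cyrillic letter, one per Latin letter) the original mapping
 * produced garbage; an array map is character-based. The split tries UTF-8
 * first and falls back to bytes for single-byte encodings such as cp1251.
 *
 * @param string $from Cyrillic letters
 * @param string $to   Latin letters, one per character of $from
 * @return array<string, string>
 */
function _translitPairs($from, $to)
{
    $chars = preg_split('//u', $from, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false || count($chars) !== strlen($to)) {
        $chars = str_split($from);
    }
    $n = min(count($chars), strlen($to));

    return array_combine(array_slice($chars, 0, $n), array_slice(str_split($to), 0, $n));
}

/**
 * Transliterates a Russian string into a Latin "slug": strips a ".php"
 * suffix and HTML tags, collapses whitespace, maps Cyrillic letters to Latin,
 * drops anything outside [a-z0-9_-.] and finally turns "-" and "_" into
 * spaces (so the result is NOT a single token).
 *
 * Fixed: the upper-case table had "А" where "Ф" belonged, so "Ф" was silently
 * dropped instead of becoming "F".
 *
 * @param string $var
 * @return string
 */
function GotoTranslit($var)
{
    $upperPairs = array(
        "Й" => "Y", "Ё" => "JO", "Ж" => "ZH", "Х" => "KH", "Ч" => "CH",
        "Ш" => "SH", "Щ" => "SCH", "Э" => "E", "Ю" => "YU", "Я" => "YA",
        "Ъ" => "", "Ь" => "",
    );
    $lowerPairs = array(
        "й" => "y", "ё" => "jo", "ж" => "zh", "х" => "kh", "ч" => "ch",
        "ш" => "sh", "щ" => "sch", "э" => "e", "ю" => "yu", "я" => "ya",
        "ъ" => "", "ь" => "",
    );
    // All keys are distinct, so one strtr() pass equals the four sequential
    // passes of the original.
    $map = array_merge(
        $upperPairs,
        _translitPairs("АБВГДЕЗИКЛМНОПРСТУФЦЫ", "ABVGDEZIKLMNOPRSTUFCY"),
        _translitPairs("абвгдезиклмнопрстуфцы", "abvgdeziklmnoprstufcy"),
        $lowerPairs
    );

    $var = str_replace(".php", "", $var);
    $var = trim(strip_tags($var));
    $var = preg_replace('/\s+/ms', "_", $var);
    $var = strtr($var, $map);
    $var = preg_replace('/[^a-z0-9\_\-.]+/mi', "", $var);
    $var = preg_replace('#[\-]+#i', '_', $var);

    return str_replace('_', ' ', $var);
}

/**
 * Closes the default ext/mysql link if one is open.
 *
 * ext/mysql was removed in PHP 7; without the function_exists() guard this is
 * a fatal "undefined function" on newer builds. mysql_ping() warns when no
 * link is open, hence the suppression.
 */
function mclose()
{
    if (function_exists('mysql_ping') && @mysql_ping()) {
        @mysql_close();
    }
}

/**
 * Converts a dotted-quad IPv4 string to its unsigned integer value
 * (e.g. "192.168.1.1" => 3232235777).
 *
 * Input is validated first: anything that is not four decimal octets in
 * 0..255 returns 0. The original indexed the exploded parts blindly, so a
 * malformed string produced warnings and a meaningless number. On 32-bit
 * builds the result may overflow to float, as before.
 *
 * @param string $ip
 * @return int|float
 */
function ip2int($ip)
{
    if (!is_string($ip) || !preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $m)) {
        return 0;
    }
    $n = 0;
    for ($i = 1; $i <= 4; $i++) {
        $octet = (int) $m[$i];
        if ($octet > 255) {
            return 0;
        }
        $n = $n * 256 + $octet;
    }

    return $n;
}

/**
 * HTML-escapes text for output, including both quote characters.
 *
 * @param string $txt
 * @return string
 */
function htmlEncode($txt)
{
    return htmlspecialchars($txt, ENT_QUOTES);
}

/**
 * Inverse of htmlEncode().
 *
 * @param string $txt
 * @return string
 */
function htmlDecode($txt)
{
    return htmlspecialchars_decode($txt, ENT_QUOTES);
}

/**
 * HTML-encodes every string in a request value, recursing into arrays of any
 * depth. The original hand-unrolled two levels and crashed on a third.
 *
 * @param mixed $value
 * @return mixed
 */
function _encodeRequestValue($value)
{
    if (!is_array($value)) {
        return htmlEncode($value);
    }
    $out = array();
    foreach ($value as $k => $v) {
        $out[$k] = _encodeRequestValue($v);
    }

    return $out;
}

// Register_globals emulation: every $_GET/$_POST entry is HTML-encoded in
// place and also copied into a variable of the same name in the including
// scope (each() was removed in PHP 8, so foreach is used). Names that already
// exist in this scope when the loop starts — $ip above, and whatever the
// including page defined — are never overwritten, and keys that name a
// superglobal or are not valid identifiers are skipped; the snapshot must
// stay immediately before the loop.
$_protectedVars = array_keys(get_defined_vars());
foreach (array('_GET', '_POST') as $_super) {
    foreach ($GLOBALS[$_super] as $_key => $_val) {
        $_clean = _encodeRequestValue($_val);
        $GLOBALS[$_super][$_key] = $_clean;
        if (!InitVars::isSafeVarName($_key) || in_array($_key, $_protectedVars, true)) {
            continue;
        }
        $$_key = $_clean;
    }
}
unset($_protectedVars, $_super, $_key, $_val, $_clean);
?>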
A question: how do I install it correctly?
1) Paste it into every file on the site?
2) Or create a separate file def.php and include it from each page with `include 'def.php';`?
// Метод конвентирует суперглобальные массивы $_POST, $_GET в перемнные // Например : $_GET['psw'] будет переобразовано в $psw с тем же значением
I did not read further ... — Alex Kapustin