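// Bruce -- "safe sql" helper against XSS and SQL injection -- 2007
//
// NOTE(review): this class predates prepared statements in common use. None
// of its modes is a substitute for parameterised queries (PDO / mysqli
// prepare + bind) or context-specific output encoding at the point of
// output; treat it as legacy input normalisation, not as a security boundary.

class sql_securty
{
    /**
     * Tokens removed by mode 6, applied left to right in exactly this order
     * (each entry sees the output of the previous one).
     *
     * Many entries carry a literal backslash ("\.", "\/", "\*", ...). In the
     * original double-quoted source these were unrecognised escape sequences,
     * so PHP kept the backslash and the entry only ever matched the
     * two-character sequence. They are reproduced byte-for-byte here so that
     * existing callers get the same output; the bare characters ".", "*", ";"
     * etc. are NOT removed by this mode. Matching is case-sensitive ("FROM" is
     * removed, "from" is not) and the result is not re-scanned, so this list
     * does not and cannot make a value safe for SQL or HTML.
     *
     * @var string[]
     */
    private static $blacklist = array(
        'select', 'insert', 'update', 'delet', 'great', 'drop', 'grant',
        'union', 'group', 'FROM', 'where', 'limit', 'order', 'by',
        '\.', '\..', '\...', '\/',   // backslash + punctuation, literal two-char tokens
        '"',                         // a double quote
        '\\\'',                      // the two-char sequence \'
        '%', '\*', '\#', '\;',
        '\\',                        // a single backslash
        '\~', '\&', '@', '\!', ':', '+',
        'script', 'body',
        'on',                        // also mangles ordinary words containing "on"
    );

    /**
     * Normalise one untrusted value according to $type.
     *
     * Modes (compared loosely, as the original did, so "2" and 2 both match):
     *   1  cast to int via intval()
     *   2  htmlspecialchars() then addslashes(), unless magic_quotes_gpc is on
     *   3  stripslashes()
     *   4  htmlspecialchars() with default flags
     *   5  trim()
     *   6  strip the blacklisted tokens, then "<" -> "&l" and ">" -> "&"
     *   7  md5() hex digest
     *   any other value: returned unchanged
     *
     * @param mixed $vars  the raw value (a string for every mode but 1)
     * @param mixed $type  mode selector, see above
     * @return mixed       int for mode 1, otherwise the (possibly modified) input
     */
    public function check_sql($vars, $type)
    {
        // switch compares with ==, which keeps the original loose matching
        // ("1", 1 and true all select mode 1); do not convert to match().
        switch ($type) {
            case 1:
                return intval($vars);

            case 2:
                // get_magic_quotes_gpc() has returned false since PHP 5.4 and
                // was removed in PHP 8.0, where the unguarded call of the
                // original was a fatal error. A missing function is treated
                // as "magic quotes off", which is what every supported PHP
                // version reported anyway, so the escaping always runs.
                $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
                if (!$magicQuotes) {
                    // addslashes() is charset-unaware and is not a real SQL
                    // escape; kept for compatibility. Callers should bind
                    // parameters instead of interpolating this value.
                    $vars = addslashes(htmlspecialchars($vars));
                }
                return $vars;

            case 3:
                return stripslashes($vars);

            case 4:
                return htmlspecialchars($vars);

            case 5:
                return trim($vars);

            case 6:
                // Blacklist removal, then two partial replacements. Note they
                // yield "&l" / "&", not "&lt;" / "&gt;": the output is mangled
                // rather than HTML-encoded. Kept only for compatibility; use
                // htmlspecialchars() (mode 4) at the output boundary instead.
                $vars = str_replace(self::$blacklist, '', $vars);
                return str_replace(array('<', '>'), array('&l', '&'), $vars);

            case 7:
                // md5() is a fast, unsalted digest. It is not suitable for
                // storing passwords (use password_hash()); callers relying on
                // this mode for that purpose should migrate.
                return md5($vars);

            default:
                return $vars;
        }
    }
}

$safe = new sql_securty();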