DB_SERVER, 'db_user' => DB_SERVER_USERNAME, 'db_pass' => DB_SERVER_PASSWORD, 'db_data' => DB_NAME );
        $this -> conf = $conf;
    }

    /**
     * Opens the database link described by $this->conf and selects the schema.
     *
     * Uses the ext/mysql procedural API (mysql_connect / mysql_select_db),
     * which was removed in PHP 7.0, so on a current interpreter these calls are
     * undefined functions. Either failure aborts the whole script with the raw
     * driver error text via die(), which writes server/schema details into the
     * response body and cannot be handled by the caller. The link (or false on
     * failure, just before the abort) is stored in $this->conf['db_conn'].
     *
     * @return bool always true (any failure terminates the script instead)
     */
    public function DbConnect() {
        $settings = $this->conf;
        $link = mysql_connect($settings['db_host'], $settings['db_user'], $settings['db_pass']);
        // The assignment happens before the failure check, as in the
        // original "= ... or die()" form, so db_conn may hold false briefly.
        $this->conf['db_conn'] = $link;
        if (!$link) {
            die(mysql_error());
        }
        if (!mysql_select_db($settings['db_data'], $link)) {
            die(mysql_error());
        }
        return true;
    }

    /**
     * Meant to release the link opened by DbConnect(); the mysql_close() call
     * is commented out, so this is a no-op and the link stays open until the
     * script ends.
     *
     * @return bool always true
     */
    public function DbClose() {
        // mysql_close($this -> conf['db_conn']) or die(mysql_error());
        return true;
    }

    /**
     * Runs one SQL statement and returns the driver result.
     *
     * Every call re-runs DbConnect() (ext/mysql reuses an identical open link)
     * and DbClose() (a no-op). The statement text is passed through the
     * keyword blacklist in preventSQLInjection(), which terminates the script
     * on a hit; it is not a substitute for binding parameters where $query is
     * built. A failed mysql_query() returns false, which is handed back
     * unchanged, so callers must check the result themselves.
     *
     * @param string $query complete SQL text, already assembled by the caller
     * @return resource|bool the mysql_query() result (false on failure)
     */
    public function executeQuery ($query) {
        $this->DbConnect();
        $this->preventSQLInjection($query); // aborts the script on a blacklist hit
        $outcome = mysql_query($query, $this->conf['db_conn']);
        $this->DbClose();
        return $outcome;
    }

    /**
     * Keyword blacklist applied to an already assembled SQL string.
     *
     * Upper-cases the text, removes C-style comments (so a keyword split by
     * comment syntax is re-joined), URL-decodes the result and aborts the
     * script with die("erro") if a UNION ... SELECT pair remains. The "i"
     * modifier on both patterns is redundant after strtoupper().
     *
     * This is not a defence against SQL injection and must not be relied on
     * as one: it inspects the finished query, where attacker-supplied data and
     * the application's own SQL are indistinguishable, so it also rejects
     * legitimate statements containing those keywords; only a single pattern
     * is checked; and a hit terminates the request with an opaque message
     * rather than an exception the caller can handle. The accepted mitigation
     * is to keep data out of the SQL text with prepared statements / bound
     * parameters (mysqli or PDO) at the call sites that build $query. Treat
     * this routine as a tripwire at best.
     *
     * @param string $query the complete SQL text about to be executed
     * @return bool true when no blacklisted pattern was found
     */
    private function preventSQLInjection($query) {
        $stripped = strtoupper($query);
        // Drop comment tokens first, so "UNION" / "SELECT" fragments separated
        // only by comment syntax are seen as one word by the check below.
        $stripped = str_replace("/**/", "", $stripped);
        $stripped = preg_replace("/\/\*(.+)\*\\//iSU", "", $stripped);
        $stripped = str_replace(array("/*", "*/"), "", $stripped);
        $decoded = rawurldecode($stripped);
        if (preg_match("/UNION(.*)SELECT/iSU", $decoded)) {
            die("erro");
        }
        return true;
    }
}
?>