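si usa GET\n"; } else { $PARMS = &$_POST; echo " -> si usa POST\n"; } */

// Bind $PARMS (by reference) to the superglobal that carries this request's
// parameters and trace which one was chosen.
switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
        $PARMS = &$_GET;
        echo " -> si usa GET\n";
        break;

    case 'POST':
        $PARMS = &$_POST;
        // A stray `break` used to precede this echo, so the POST trace was never printed.
        echo " -> si usa POST\n";
        break;

    default:
        // Any other verb (HEAD, PUT, ...) used to leave $PARMS untouched, so the loop
        // below ran on an undefined variable and checked nothing.
        // NOTE(review): the values are still not checked for these verbs; confirm that
        // the code after this excerpt reads parameters only through $PARMS and not
        // from $_GET/$_REQUEST directly.
        if (!isset($PARMS)) {
            $PARMS = array();
        }
        break;
}

// Check every parameter value against the blocklist below.
foreach ($PARMS as $key => $value) {
    // This trace runs BEFORE the blocklist, so it sees unfiltered request data.
    // The later `echo "-->"` suggests the trace sits inside an HTML comment (the
    // opening is outside this excerpt - TODO confirm); an unescaped value containing
    // "-->" would end that comment early and be rendered as markup. Escaping keeps
    // the trace inert in either context.
    echo "[" . htmlspecialchars((string) $key, ENT_QUOTES) . "] = ["
        . htmlspecialchars($value, ENT_QUOTES) . "] == ["
        . htmlspecialchars(urldecode($value), ENT_QUOTES) . "]\n";

    // NOTE(review): a substring blocklist is best-effort only. If these values reach
    // an SQL statement later (not visible here), bound parameters are the control to
    // rely on. Several entries are duplicates: "\x25", "\x2a", "\x2b", "\x28" and
    // "\x29" are the same bytes as "%", "*", "+", "(" and ")".
    if (stripos($value, "=") !== FALSE ||       // perhaps a bit strict
        stripos($value, "%") !== FALSE ||       // this one too..
        stripos($value, "--") !== FALSE ||      // this one too..
        stripos($value, "\x00") !== FALSE ||    // all control characters
        stripos($value, "\x01") !== FALSE ||
        stripos($value, "\x02") !== FALSE ||
        stripos($value, "\x03") !== FALSE ||
        stripos($value, "\x04") !== FALSE ||
        stripos($value, "\x05") !== FALSE ||
        stripos($value, "\x06") !== FALSE ||
        stripos($value, "\x07") !== FALSE ||
        stripos($value, "\x08") !== FALSE ||
        stripos($value, "\x09") !== FALSE ||
        stripos($value, "\x0A") !== FALSE ||
        stripos($value, "\x0B") !== FALSE ||
        stripos($value, "\x0C") !== FALSE ||
        stripos($value, "\x0D") !== FALSE ||
        stripos($value, "\x0E") !== FALSE ||
        stripos($value, "\x0F") !== FALSE ||
        stripos($value, "\x10") !== FALSE ||    // was missing: the list jumped from \x0F to \x11
        stripos($value, "\x11") !== FALSE ||
        stripos($value, "\x12") !== FALSE ||
        stripos($value, "\x13") !== FALSE ||
        stripos($value, "\x14") !== FALSE ||
        stripos($value, "\x15") !== FALSE ||
        stripos($value, "\x16") !== FALSE ||
        stripos($value, "\x17") !== FALSE ||
        stripos($value, "\x18") !== FALSE ||
        stripos($value, "\x19") !== FALSE ||
        stripos($value, "\x1A") !== FALSE ||
        stripos($value, "\x1B") !== FALSE ||
        stripos($value, "\x1C") !== FALSE ||
        stripos($value, "\x1D") !== FALSE ||
        stripos($value, "\x1E") !== FALSE ||
        stripos($value, "\x1F") !== FALSE ||
        stripos($value, "\x25") !== FALSE ||
        stripos($value, "\x2a") !== FALSE ||
        stripos($value, "\x2b") !== FALSE ||
        stripos($value, "\x28") !== FALSE ||
        stripos($value, "\x29") !== FALSE ||
        stripos($value, "*") !== FALSE ||
        stripos($value, "+") !== FALSE ||
        stripos($value, "%") !== FALSE ||
        stripos($value, "(") !== FALSE ||
        stripos($value, ")") !== FALSE ||
        stripos($value, "+and+") !== FALSE ||
        stripos($value, "+xor+") !== FALSE ||
        stripos($value, "+not+") !== FALSE ||
        stripos($value, " and ") !== FALSE ||
        stripos($value, " xor ") !== FALSE ||
        stripos($value, " not ") !== FALSE ||
        // Disabled keyword checks. As written they lack `!== FALSE`, so a match at
        // offset 0 would evaluate as false if they were re-enabled unchanged.
        /* stripos($value, "select") || stripos($value, "insert") || stripos($value, "delete") || */
        stripos($value, "20and") !== FALSE ||
        stripos($value, "20xor") !== FALSE ||
        stripos($value, "20not") !== FALSE) {
        // Blocklist hit: report the aborted search and close the trace output.
        mail_visita("Ricerca (abortita)");
        echo "\n RICERCA ABORTITA \n";
        echo "-->";
        echo "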