• Storing restricted content in a database

    MarkGrillo Member

    I have an array set up of commands used for XSS, SQL and shell injections and am using strpos to check that any sent data or headers do not contain anything in the array.

    I am building a small discussion board to discuss securing against injections. Is there a way I can safely insert possible injections into a database? I was thinking maybe turn it into a string, pull the string apart where the word is in the array and then insert some asterisks or a random digit in the middle so it is not seen as code, then when we go to view the post, it removes that information.

    Is there a way to do this, without executing it at all so it cannot harm a site?

  • Amit Member

    You could Base64 encode it and save the Base64 string to the DB, then read the table and Base64 decode it to display.
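
An added example, not part of either post above: a board that stores posts containing injection strings verbatim by binding them through a PDO prepared statement, keeps a Base64 copy as suggested in the reply, and escapes the text for HTML only when it is displayed. The `posts` table, the function names and the sample posts are assumptions made for the illustration, and it expects the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for the discussion board; in-memory SQLite keeps the demo offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL, body_b64 TEXT NOT NULL)');

// Store the post exactly as typed. The placeholders send it as data, so the
// database never parses it as SQL, whatever it contains.
function save_post(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (body, body_b64) VALUES (:body, :b64)');
    $stmt->execute([':body' => $body, ':b64' => base64_encode($body)]);
    return (int) $db->lastInsertId();
}

// Escape at output time for the HTML context so the browser shows the text
// instead of interpreting it as markup.
function render_post(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body, body_b64 FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException("no post with id $id");
    }
    // The Base64 column decodes back to the identical bytes, so it needs the
    // same escaping as the plain column before it is echoed.
    $decoded = base64_decode($row['body_b64'], true);
    if ($decoded === false || $decoded !== $row['body']) {
        throw new RuntimeException('Base64 column does not match the stored body');
    }
    return '<pre>' . htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample posts of the kind the board would discuss.
$samples = [
    "Robert'); DROP TABLE posts;--",
    '<script>alert(1)</script>',
    '; ls -la',
];
foreach ($samples as $sample) {
    echo render_post($db, save_post($db, $sample)), PHP_EOL;
}
// Count the rows to confirm the table survived the inserts.
echo 'rows: ', $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), PHP_EOL;
```

`htmlspecialchars` covers HTML element content and quoted attribute values; text placed into a URL, a JavaScript string or a shell command needs the encoder for that context instead.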
