From 9b34e3a493e31b6f56ca822b36da0ebe81784ef6 Mon Sep 17 00:00:00 2001
From: Akash Kumar Sharma <31161908+aks060@users.noreply.github.com>
Date: Mon, 10 Sep 2018 15:45:44 +0530
Subject: [PATCH 1/2] Update post_sql.php

---
 post_sql.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/post_sql.php b/post_sql.php
index 83b758c..4c36ebf 100644
--- a/post_sql.php
+++ b/post_sql.php
@@ -4,6 +4,7 @@
 {
   foreach($_POST as $par)
   {
-     
+     $val=$_POST[$par];
+    echo $val;
   }
 }

From fae1c37ee026b10bf95e4d168e9618abf6fe1a9a Mon Sep 17 00:00:00 2001
From: Akash Kumar Sharma <31161908+aks060@users.noreply.github.com>
Date: Mon, 10 Sep 2018 16:03:16 +0530
Subject: [PATCH 2/2] Update post_sql.php

---
 post_sql.php | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/post_sql.php b/post_sql.php
index 4c36ebf..e889604 100644
--- a/post_sql.php
+++ b/post_sql.php
@@ -4,7 +4,26 @@
 {
   foreach($_POST as $par)
   {
-     $val=$_POST[$par];
-    echo $val;
+    //echo $val;
+    $restrict=array("'", '"', 'order', '*', 'union');
+    
+    /*Comparing each character by char*/
+    for($i=0; $i<strlen($par); $i++)
+    {
+       if($par[$i] in $restrict)
+       {
+           stopit();
+       }
+    }
+    
+    /*Compare words separated by space*/
+    $wd=explode(' ', $par);
+    for($i=0; $i<sizeof($wd); $i++)
+    {
+      if($wd[$i] in $restrict)
+      {
+        stopit();
+      }
+    }
   }
 }