From 38e0c9fb533bd41b33f42810b3d4b5aa7fdb5e11 Mon Sep 17 00:00:00 2001
From: Paul Wagener
Date: Fri, 28 Feb 2014 14:29:01 +0100
Subject: [PATCH] Update product_detail_replace.php

Make the compare case-insensitive to prevent lowercase 'select' from passing-by
---
 webshop/product_detail_replace.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webshop/product_detail_replace.php b/webshop/product_detail_replace.php
index d813f02..561dc43 100644
--- a/webshop/product_detail_replace.php
+++ b/webshop/product_detail_replace.php
@@ -62,8 +62,8 @@ $connection = new mysqli('localhost', 'webshop', 'pass', 'webshop')
 $id = $_GET['id'];
 // Damn hackers, let's filter out all SELECT and UNION to be extra safe!
-$id = str_replace('SELECT', '', $id);
-$id = str_replace('UNION', '', $id);
+$id = str_ireplace('SELECT', '', $id);
+$id = str_ireplace('UNION', '', $id);
 $query = 'SELECT naam, afbeelding, beschrijving, prijs FROM producten WHERE id = ' . $connection->real_escape_string($id);
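Review bot: The case-insensitive keyword filter on the two `+` lines does not make the query on the last context line safe: `$id` is concatenated into `WHERE id = ` without quotes, so `real_escape_string()` (which only escapes quote and control characters) places no constraint on it, and a single-pass `str_ireplace()` blacklist is not a reliable defense against injection in any case. The value read from `$_GET['id']` on the first context line should instead be validated as an integer and bound through a prepared statement, which removes the need for the keyword filtering entirely. The code that executes `$query` and reads the result is outside the hunk and would have to be switched to the statement object. The database password hard-coded in the `mysqli` constructor shown in the hunk header is a separate issue worth moving into configuration outside the source tree.

```php
// Validate the identifier's type instead of blacklisting SQL keywords.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit;
}
$stmt = $connection->prepare('SELECT naam, afbeelding, beschrijving, prijs FROM producten WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
// … unchanged: fetching and rendering the product row …
```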