<?php
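/**
 * Coarse filter for query-string parameters.
 *
 * TestGet() walks the values in $_GET and, when any of them looks
 * suspicious, redirects the client to $url and stops the script.
 *
 * Scope, as implemented here: only the *values* of $_GET are inspected.
 * Parameter names, POST bodies, cookies and headers are not looked at, so
 * this filter is a supplementary check and does not replace parameterised
 * queries or context-aware output encoding in the code that consumes input.
 */
class dXSS
{
	/** @var string Redirect target used when a parameter is rejected. */
	public $url;

	/** @var int Maximum accepted length, in bytes, of a single parameter value. */
	public $longitud;

	/**
	 * Substrings that cause a value to be rejected (matched case-insensitively).
	 *
	 * The punctuation entries are already covered by the [a-z0-9_] allow-list
	 * in esSospechoso(); the keyword entries are what this list adds. They are
	 * plain substring matches, so "char" also rejects a value like "character".
	 *
	 * @var string[]
	 */
	private static $baneados = [
		'"',
		"'",
		"--",
		";",
		"<",
		"[",
		"&lt;",
		">",
		"&gt",
		"&quot",
		"&#x27",
		"%",
		"&#x2F",
		"/*",
		"*/",
		"request",
		"select",
		"declare",
		"insert",
		"update",
		"delete",
		"drop",
		"exec(",
		"execute(",
		"cast(",
		"char",
		"nchar",
		"varchar",
		"nvarchar",
		"substring",
		"sysobject",
		"iframe",
		"syscolumns",
	];

	/**
	 * Inspect every $_GET value and redirect to $this->url on the first
	 * value that is rejected.
	 *
	 * Returns normally (no value) when all parameters pass. When a parameter
	 * is rejected the method does not return: it sends the Location header
	 * and terminates the script.
	 *
	 * @return void
	 */
	public function TestGet()
	{
		foreach ($_GET as $valor) {
			if ($this->esSospechoso($valor)) {
				header('Location: ' . $this->url);
				// header() only queues the redirect. Without stopping here the
				// rest of the page would still run with the rejected input.
				exit;
			}
		}
	}

	/**
	 * Decide whether one parameter value must be rejected.
	 *
	 * Array-valued parameters (e.g. ?id[]=1) are checked element by element,
	 * so they cannot slip past the string checks.
	 *
	 * @param mixed $valor A value taken from $_GET (string or nested array).
	 * @return bool True when the value is too long, contains a character
	 *              outside [a-z0-9_] (any case), or contains a banned token.
	 */
	private function esSospechoso($valor)
	{
		if (is_array($valor)) {
			foreach ($valor as $elemento) {
				if ($this->esSospechoso($elemento)) {
					return true;
				}
			}
			return false;
		}

		$cadena = (string) $valor;

		if (strlen($cadena) > (int) $this->longitud) {
			return true;
		}

		// Allow-list check; replaces eregi(), which was removed in PHP 7.
		if (preg_match('/[^a-z0-9_]/i', $cadena) === 1) {
			return true;
		}

		foreach (self::$baneados as $token) {
			if (stripos($cadena, $token) !== false) {
				return true;
			}
		}

		return false;
	}
}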
?>