Yes, union should not be allowed to be added to a query string, unless it is a valid portion of a field, like it is here.The same goes for all the forbidden words, not all occurrences of them are going to be malicious.
I suggest we look at GIJOE's Protector for his patterns, the PHP page on
SQL injection and this
class for safeSQL
This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1438&post_id=13501