Finally I have got an idea for a script to do this job. Well, I know it has a lot of lame things, but that's my first script. Hmm, maybe I need to get shot for it. I don't know, it needs your opinion >> Professionals
Plus, there is one last thing that can bypass the script check.
OK, the script checks the requested URL for any metacharacter used in SQL injection or XSS exploits. So I have made that, and it bans the person that tries it.
There are 2 problems I have faced and didn't find a solution for.
1st: $REMOTE_ADDR doesn't get the real IP sometimes if a user is using a proxy. So if anybody can tell me how to get the real IP of the person... or I may disable the ban IP thing.

2nd: the script can be bypassed by 1 thing: if I make an HTML page on my PC that POSTs a value with the SQL injections, it passes the script check.
So can anyone tell me how to check the POST vars?
Thanks in advance.

PHP Code:
<?php
//////////////////////////////////////////////////////
//     SCRIPT CODED By : rOCk-MaStEr                //
//     Any Comments contact me :                  //
//     [email][email protected][/email]                //
//     For more Security and Scripts Visit :         //
//     [url]http://www.securitygurus.net[/url]            //
//////////////////////////////////////////////////////

// register_globals is not assumed: read the client address from $_SERVER.
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

// Load the ban list (space-separated IPs); a missing file counts as empty.
$data = file_exists("ip.txt") ? file_get_contents("ip.txt") : "";

// strpos() returns 0 for a match at the start, so compare with !== false.
$banchk = strpos($data, $REMOTE_ADDR);
if ($banchk !== false)
{
    echo ": You Are BANNED from This website :";
    exit;
}
else
{
    // Only the requested URL is checked here; POST data is not inspected.
    $checktheurl = $_SERVER['REQUEST_URI'];
    $metacharacter = array("UNION","SELECT","WHERE","INSERT","union","select","insert","where",";","*","%3c","%3e","<",">",",","'");
    $error = 0;
    for ($count = 0; $count < count($metacharacter); $count++)
    {
        $checker = strpos($checktheurl, $metacharacter[$count]);
        if ($checker !== false)
        {
            $error = 1;
        }
    }

    if ($error == 1)
    {
        // Record the address once, however many patterns matched.
        $fa = fopen("ip.txt", "a");
        fwrite($fa, "$REMOTE_ADDR ");
        fclose($fa);

        echo ": Sorry! You attemping Banned Operation.. ! :";
        exit;
    }
}
?>
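
The second problem raised in the post, input that arrives in the POST body instead of the URL, shown as an added example that is not part of the original post. It applies the same token list to every request input; the names `BLOCKED_TOKENS`, `find_blocked_token` and `scan_request` are hypothetical, and the sample request is constructed.

```php
<?php
// Added example (not the poster's code); function and constant names are hypothetical.
// Tokens from the original list; matching is case-insensitive via stripos().
const BLOCKED_TOKENS = ['union', 'select', 'where', 'insert', ';', '*', '<', '>', ',', "'"];

/** Return the first blocked token in $value (arrays walked recursively), or null. */
function find_blocked_token($value): ?string
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            // Parameter names are client-supplied too, so check keys as well.
            $hit = find_blocked_token((string) $key) ?? find_blocked_token($item);
            if ($hit !== null) {
                return $hit;
            }
        }
        return null;
    }
    // $_GET/$_POST arrive already URL-decoded; decoding once more also catches
    // a literal %3c / %3e left in the value, which the original list looked for.
    $text = rawurldecode((string) $value);
    foreach (BLOCKED_TOKENS as $token) {
        if (stripos($text, $token) !== false) { // !== so a match at offset 0 counts
            return $token;
        }
    }
    return null;
}

/** Scan every input source; return ['source' => ..., 'token' => ...] or null if clean. */
function scan_request(array $sources): ?array
{
    foreach ($sources as $name => $data) {
        $hit = find_blocked_token($data);
        if ($hit !== null) {
            return ['source' => $name, 'token' => $hit];
        }
    }
    return null;
}

// Constructed sample standing in for a hand-made HTML form that POSTs to the page.
$sample = [
    'GET'    => ['page' => 'news'],
    'POST'   => ['user' => "admin' OR 1=1", 'tags' => ['a', 'b']],
    'COOKIE' => [],
];
var_dump(scan_request($sample));
// On a live page: scan_request(['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE]);
```

A token filter like this only narrows what reaches the application; queries built with prepared statements and output passed through `htmlspecialchars()` do not depend on it. On the first problem, headers such as `X-Forwarded-For` are supplied by the client, so a ban keyed on them can be evaded or aimed at someone else's address.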