diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 5f02014b9b8ef4bc104f9b435e5e7ee854c6626e..c27484ad89be7bb5f22e6a3fe6fef464804fa4d5 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -80,13 +80,15 @@ function test_sql_and_script_inject($val, $type)
     // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
     if ($type != 2)
     {
-        $sql_inj += preg_match('/delete[\s]+from/i', $val);
-        $sql_inj += preg_match('/create[\s]+table/i', $val);
-        $sql_inj += preg_match('/update.+set.+=/i', $val);
-        $sql_inj += preg_match('/insert[\s]+into/i', $val);
-        $sql_inj += preg_match('/select.+from/i', $val);
-        $sql_inj += preg_match('/union.+select/i', $val);
-        $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
+        $sql_inj += preg_match('/delete\s+from/i'	, $val);
+        $sql_inj += preg_match('/create\s+table/i'	, $val);
+        $sql_inj += preg_match('/update.+set.+=/i'	, $val);
+        $sql_inj += preg_match('/insert\s+into/i'	, $val);
+        $sql_inj += preg_match('/select.+from/i'	, $val);
+        $sql_inj += preg_match('/union.+select/i'	, $val);
+        $sql_inj += preg_match('/into\s+outfile/i'	, $val);
+        $sql_inj += preg_match('/into\s+dumpfile/i'	, $val);
+        $sql_inj += preg_match('/(\.\.%2f)+/i'		, $val);
     }
     // For XSS Injection done by adding javascript with script
     // This is all cases a browser consider text is javascript: