question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code:
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Google Wave
So... has anyone used it yet? Is it any good?

http://wave.google.com/help/wave/about.html#vid

Download Image from URL and Upload it
Ok, I have been googling for the last 1/2 hour trying to figure this out, Most likely I'm just not s

Operator precedence assistance.
I did a quick Google search and couldn't quite find the answer I wanted in terms I could understand,

Spaghetti Code
So.

I've pretty much reached the point where I have so many isset s on one page that I can't

Modal Popup Help
Hi guys, I have a modal popup with an iframe. How can i send data from a label or textbox to the ifr

ereg_replace in Wordpress
Heya - so I'm working on this site: http://world-of-smiles.theportlandco.com/new-patients

The

TinyMCE / Ajax Postback Problem
Hiya all,

I have a page which loads the TinyMCE editor. On the postback I obviously want to f

read integers that returns a negative or prints the average
Im trying to finish this homework assignment by tommarow afternoon and I keep getting stuck.
Wr

Referential Integrity problem when inserting into 2 tables at same time
Hello Everyone,

Im relativity new to PHP and MySQL and i have come up against a problem. i h

foreach loop, assistance request
I would like some guidance on the usage of foreach as I try to parse through a large database and wh