im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
rdns with php
I am trying to build a script that will show all of the different domains that are hosted on the same ip. However when I do a rdns lookup with php only 1 of the domains is returned. How can I make it
Need help making a blockquote and line items conditional
I have some code I bought a few years ago that allows my clients to update content on their site using an Excel spreadsheet. Well this particular application sometimes has line items so I need to come
Adding delete feature to my forum
Hello I am currently trying to add a delete feature to my forum. I believe I have everything built right but I am having some problems when debugging. I do not have PHP Designer 2008 and I am using
Exporting new records
Trying to figure out the best way to set this up.People register my site. Their profile has the date they registered.I've got another table called 'markets' which has some information that is specific
Storing/displaying image urls in a database?
HiBasically I have the following scenario:User chooses picture from list. Picture info is added into the db, including url.However I can't figure out how exactly i should be storing the url for the
mysql_real_escape_string making variable equal nothing
i post a form and i post the variable:Code: $var = $_POST[variable];then i echo $var its what i submitted the variable to be. then i add the mysql_real_escape_string() function to itspell it correctly
search function
HI guys,if anyone could point us in the right direction of how to do this, or provide some test code for a similar problem would be great!Basically, I have user profiles on my site, and I have a
cPanel API
Hi Guys,Need a little guidance. I'm trying to get my script to communicate with cPanel (or WHM) to show certain statistics, for example, how much space/bandwidth has been used.I have been reading
Automatic Webpage ??
I have a page www.mysite.com/test.php with a <form> <textarea name="data" cols="100" rows="20"></textarea> //to enter the
Checking if a process is running (problems including psapi.dll i think...)
Ok, so all I'm trying to do is check if a program is running...
