im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
Multiple while loops
I have several DB queries that I know should be returning results and aren't. I have a feeling it has to do with the several while loops that should be outputting the data. One more issue is that
Getting number of affected rows in SQLPLUS..
Hi everyone,
Populate drop down list from table??
Lets say for arguments sake that i have a table which contains the numbers 1 to 10.How can i get a drop down list to pull these numbers from the table?So if i then added more numbers to the table then
Security Exception on pages using AJAX
I am getting the exception: attempted to perform an operation not allowed by the security policy on my AJAX pages. If i remove the AJAX control it works.
query based on 2 conditions
I want to select if the doc_type is either s OR f but this doesn't work:Code: [Select]$query2 = "SELECT * FROM members WHERE doc_type='s' && doc_type= 'f' ORDER BY
PHP Login
Hey!I got this shopcart code online, am trying to modify it but am getting an error when i try and login as an administrator.Am new to php ......so let me know if you can help Source code for
Displaying a clickable playername
I am going wrong somewhere with the mysql_query, can someone please put me straight?$playername = mysql_query("SELECT * FROM `players` WHERE `playername` LIMIT 1");while($f =
mod_rewrite.c on windows ??
why it's not working on windows while it's working on other hosts??? this is the code i got from a tutorial :Code: [Select]<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase
Join Query Help
Hi all,I am having problems with the below code, which we shall call 'my first join query'! Suprise suprise its not working and I am getting an error I have not seen before:QuoteParse error: parse
Any meaningful project for a new C++ programmer?
I want to do some meaningful program, so I can help myself to learn
