im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
need help to creat database
Hello Team, please guys i am stuck from three days with paypal issue for IPN but no luck yet now i wants to do other method. i have used this form to send info to paypal and everything is working ok
Word filter problem
Hello,im trying to make a filter for words inputted in to my website but i want to store the swear word and the replacement for that word in a mysql db i have developed the code
Strange
I recently noticed some odd HTML appear in some of the websites I host. Not all of them are run on a CMS but the majority (but not all) are running through the same FTP account.I've searched
Stats of viewers
Hello. I have a website in php and people can login. I want to make an admin control panel where u can see how many people are currently logged in and also how many people in total (including the ones
Uploading files/images via forms
Hey all, I am building a database for work that will contain some minor data on plant species along with 4 images. I have developed the form and am able to add the data but due to my abilities and I
rookie looking for help coding a CSS form with PHP
I'm trying to figure out how to add PHP code to my xhtml form so that it is a working form embedded in the contact us page of a website that is still on my pc only. The end goal is to place the PHP
Paypal
Hi all,I have an advanced basic knowledge of php I want to try something new for a site I am working on, its a members site with a monthly fee for being a member of the site. Basically what I want to
MYSQL INSERT ID NOT WORKING
Code: $id = mysql_insert_id();header("Location: ./?view=$id");Why $id pulling blank nothing?Code: mysql_query("INSERT INTO `prays` (`title`,`prayer`,`time`,`level`,`nameid`,`name`)
Using system() and bringing back the results
I am aware that you can use system() within PHP to execute system commands, but I was wondering if there was a reasonable way to bring back the results every second.For example, I want a web based
Get word number x from string?
How can I use a function to loop through a string, and "have a look at" every word in the string, probably separated by a comma, and print them out, like this:word 1: xxxxword 2: xxxxword 3: