I'm cleaning up an old app that I wrote, fixing some of the vulnerabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code:
$value=$_POST['value'];
$value=$_GET['value'];
My instinct would be to edit every file and do it manually
Code:
$value=$_POST['value'];
$value=mysql_real_escape_string($value);
$value=$_GET['value'];
$value=mysql_real_escape_string($value);
But if there was a faster way it would make my life easier. What I would like to do is maybe create a function I can put at the top of every page or into my global.php, which is included into every page, that would do something like this
Code:
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
} else {
    $value = mysql_real_escape_string($value);
}
I don't intend to have magic quotes on, but other people might on their servers.
I just need every $_POST or $_GET within my script to be automatically cleaned or filtered from SQL injections.
I saw something a long time ago where it was something they put at the top of their page. This will be completely wrong, but I will give you an example of what it looked like
Code:
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
I'm not too sure how that goes about affecting everything, where to put it, etc.
Any ideas or suggestions? Or am I stuck doing it manually.
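
As an added example (not part of the original post), one way to handle this from a shared include such as global.php, assuming PDO is available: undo magic quotes once, recursively, and pass values to the database as bound parameters instead of escaping every superglobal up front. The names `undo_magic_quotes()` and `find_user()`, the `users` table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example; undo_magic_quotes() and find_user() are hypothetical names.

// Undo magic-quotes slashes recursively. A plain array_map() over $_POST
// passes nested arrays (e.g. from name="tags[]") to a string function.
function undo_magic_quotes($data)
{
    if (is_array($data)) {
        return array_map('undo_magic_quotes', $data);
    }
    return is_string($data) ? stripslashes($data) : $data;
}

// For global.php: restore raw input once, only where magic quotes are active.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

// The value is bound as a parameter, so it is never parsed as SQL.
function find_user(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute(array($name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory SQLite stands in for the app's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (array('alice', "O'Brien") as $n) {
    $insert->execute(array($n));
}

// Constructed request data as a magic-quotes server would deliver it.
$slashed = array('value' => "O\\'Brien", 'tags' => array("it\\'s", 'php'));
$clean   = undo_magic_quotes($slashed);

print_r($clean);                          // slashes removed at every level
print_r(find_user($db, $clean['value'])); // the quote is matched as data
```

With bound parameters the same pattern covers values used in numeric or unquoted positions, where an escaped string alone does not help.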