im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
Random date selection
i want to select random date with time(hour+minutes+sec) where date is specified(10/22/2009) and timestamp is specified 10-11 am
Finding digits in variable containing text, and IDing them
$romanstock = "http://www.remoteprice.com/data.asp?storeid=123&itemcode=456&type=2";$contentsstock = file_get_contents($romanstock);The above code, when rendering
array empty
Hiya peeps,Ok here is the codes.order.phpCode: <?php if(!isset($_POST) OR empty($_POST)) { echo
does anyone know a php script to send mail using gmails/googles free smtp server
cause i heard u can do that but i dont know how
server trace logs
could any one tell me from where do i get error logs in xMII??I want to check the reason for dtabase connection failure
default SAP userid
hi,, I just like to know if it is ok to use the default SAP user id (SAP*)?
Do While statement
hi guys,This may sound trivial but im new to php and as part of an assignmenti have to construct the 10 green bottles song using the do while statement. I can do the statement but it is itengrating
New Search Engine
Hey everyone,I have a ZIP Code Radius search engine already functional. it displays all of the ZIP codes within a specified mileage around a central ZIP code.I have an auction site that the client
Credit card verification
I have a client who wants to process credit card transactions from his web site rather than the going through something like paypal. I've never done that before...what is my first step? I really dont
checkbox update
I am having a brain fart right now and i cant remember how to do this. if anyone could help that would be great. I have search google and this forum but have not found what i am looking for.thankswhen