im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
How do I get the row number from from an sql table query
Hi allI have a table that I query and it returns a number of rows.mysql_num_rows($query) = $totalI want to have next and previous buttons, is there a way of retrieving the current row number, and can
Insert data in Mysql and move to another page
I'm stuck with this simple problem. I need to insert data in Mysql and then hit submit and move to another page. My first thougt was to use Post but that didn't work. How do I use Get and Post to do
i have no idea why this isn't working
Code: <?phpsession_start();include("connect.php");error_reporting(E_ALL);ini_set('display_errors', '1'); $username = "Master";$password = "pword";$host =
foreach iterator
Hi GuysDoes the foreach loop have an inbuilt iterator ?
Generate multilayered array from string.
ok so i have a string that looks like this:Code: [Select]blog:edit_all,delete_all|users:edit_all,delete_all|settingsand i want to make a code that can take that string and put it in a multi-layered
WHYISNT THIS MYSQL STATEMNT NOT WORKING? (php)
caps because its absolutely rediculous.i dontunderstand why its not working. there is a column called id and a collumn called to then there is also. two rows with the field for `to` equal to the
Multi Level Array Problem
hi all,For example I have array like below:$temp = array(array('north america', 'us', 'california'), array('north america', 'us', 'hawaii'), array('north america', 'canada', 'vancouver'),
Undefined variable when using $_SERVER['PHP_SELF']
Hi guyz, please suggest me something...On first.php I have one input field NAME, and on posting the form it moves to "second.php" showing the entered value of input field using $_POST,
Passing an array of values From VB6.0 to Oracle PL/SQL Function
Basically we are using VB6.0.
How can I Compare two xml documents?
Hi all,
