question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
167 
10 
Other forums
CE 7.1 and External GIS integration
Hi All,
We want to develop an application on CE 7.1 which uses GIS features from an exter
PHP Thumbnail Creation
Ok so i use this function to create thumbnails:
Code: [Select]function createthumb($name,$fil
need to apply an if/else statement to Tim Thumb script
Not sure how to work this. I essentially want to call a variety of image sizes based on which style
Strange PHP/mySQL error ... am I just tired?
Code: <?
## CONNECT TO DB FUNCTION!
function ConnectTo($db2con)
{
$hostNam
form variables from database help.
Hi all,
I would like to have a form that gives you options based on the results of an mysql q
Checking BOM Authorization Group
Hai Friends,
I have developed a mulitilevel BOM display report. End users have been assig
FFmpeg Images 2 Video conversion problem ??
I got folder full of images , number of images = 600 , I want to make a video which plays one image
Not capturing all the information we require in the form.......
Hi Guys,
I was wondering if you would share some more of your knowledge today, I'm hoping it
need help in update query
hi
i have a dynamic form. i need help in how can i use update query when values from dynamic for
simple script won't work. Please help
I'm new to php, and I am having trouble displaying a simple script in my web browser. My php code ex
