question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

I'm cleaning up an old app that I wrote, fixing some of the vulnerabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]
$value=$_POST['value'];
$value=$_GET['value'];

My instinct would be to edit every file and do it manually:

Code: [Select]
$value=$_POST['value'];
$value=mysql_real_escape_string($value);


$value=$_GET['value'];
$value=mysql_real_escape_string($value);

But if there was a faster way it would make my life easier. What I would like to do is to maybe create a function I can put at the top of every page or into my global.php, which is included into every page, that would do something like this:

Code: [Select]
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
} else {
    $value = mysql_real_escape_string($value);
}

I don't intend to have magic quotes on, but other people might on their servers.

I just need every $_POST or $_GET within my script to be automatically cleaned or filtered from SQL injections.

I saw something a long time ago where it was something they put at the top of their page. This will be completely wrong, but I will give you an example of what it looked like:

Code: [Select]
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

I'm not too sure how that goes about affecting everything, where to put it, etc.

Any ideas or suggestions? Or am I stuck doing it manually?
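
An added example, not part of the original post: a global.php-style bootstrap that only undoes magic quotes (recursing into array fields, which the array_map one-liner above does not handle) and leaves the SQL side to a bound parameter at each query. The helper names, the users table and the in-memory SQLite database reached through PDO (standing in for MySQL so the snippet runs offline) are assumptions.

```php
<?php
// Added example; undo_magic_quotes() and find_users_by_name() are hypothetical helpers.

// global.php part: normalise input once. No SQL escaping happens here.
function undo_magic_quotes($value)
{
    // Fields such as name="tags[]" arrive as arrays, so recurse into them.
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// get_magic_quotes_gpc() no longer exists in PHP 8, so test for it first.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

// Query site: the value is bound to a placeholder, never pasted into the SQL text.
function find_users_by_name(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample database (assumption: in-memory SQLite instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Brien'), ('Smith')");

// Constructed sample input standing in for $_POST['value'].
$value = "O'Brien";
$rows  = find_users_by_name($db, $value);
echo count($rows), ' row(s): ', $rows[0]['name'], "\n";

// Blanket escaping changes the data itself: the backslash now travels with the
// value into comparisons, HTML output and anything else that is not a SQL string.
$escaped = addslashes($value); // stand-in for mysql_real_escape_string()
echo $escaped, "\n";
echo count(find_users_by_name($db, $escaped)), " row(s) for the pre-escaped value\n";
```

With this split, each of the 30 files keeps reading `$_POST` and `$_GET` as before, and only the lines that build SQL change to `prepare()`/`execute()`.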
