question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Specific name typed, specific image shown on html page
Hello,

Fairly new to PHP and was curious if someone might know how to solve a fairly simple r

DateTimeZone::listIdentifiers headache
http://php.net/manual/en/datetimezone.listidentifiers.php


So the documentation states tha

Problem with variable declaration in switch statement
Hello, I am having some trouble assigning a value to a variable inside a switch statement. What I a

Changes to hosting company's server has affected web contact form
I started a thread a couple of months ago about the contact forms on my client's website. Basically

RSS poster script?
I have found a script that posts RSS's for me on a site that I'm building. However I would like to a

 formating when pulling data from a mysql database 
Ok so Im not to sure if this is the right thread to post in but here is my catch 22 issue.

I 
login and redirect 
hello! can someone help me.. can you give me an idea.. I want to make a login page and redirects it 
Sessions Value Not Saved 
Hi,

Im making a login form and im using this code:
Code: if($login=="true"){
Preg_match unknown modifyer 
Hello,

Im trying to write a little script for my forums i need to get the reply from my forum
simplexml and xpath - Need some help 
Hello,

I am trying to parse an xml which comes back from Amazon and I am trying to know how m