question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Unable to retreve the values from Mysql Query
Hi,

Here is the php code that I have, Query is running properly in phpmyadmin and is resu

same querie, or a new one??
Hi guys,

I'm still working on this drop down list. I've got the actual drop down list to wor

set xml path in flash when xml created in memorystream and webrequest
i am creating an xml file using memory stream and i want to load this xml file into the flash on cli

Getting the full city list from maxminds geoip database
I am suprised I can't find any references to this.

I have maxminds geoip lite installed and i

Inserting a variable in a link
I have this code that I want to insert for my own variable but I have no idea how. This is what I wa

Multidimensional $_POST
Hello

How to get a single array from array of array (2 - dimension).
For example I have a

storing results of a function - previous result overwritten with new result
I have created a function to validate input.

function validate_dimension($value,$name) {
<

Character Sets/Collations Stuff
Can someone please give me a check list of things I must do to setup all the charset stuff for my ph

GET * FROM _____ Except?
I have a site that is for stock photography.

This section of the code calls images to display

mails going in spam??
The mails I sent to folks in my database using mail(function) are going in spam??

Any idea ho