question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
167
10
Other forums
Preg_match with an array
is there an away to use preg_match with an array?
i want to check a string with an array to s
Allowing ' and "
Hello everyone,
I am creating a form where users submit information to go into a database. I
difference between datetimes
($row['totime']-$row['fromtime'])/60
this is giving me 0
example of totime and fromtim
formating when pulling data from a mysql database
Ok so Im not to sure if this is the right thread to post in but here is my catch 22 issue.
I
Refining of search Criteria
Dear Friends
I need a help, I have a search page which of cars related, which has different s
Echo multiple lines of html code
Hi guys,
I would like to know if there is a way to echo multiple lines of html codes.
PHP mail() with images
I'm trying to get images to send along with my HTML e-mail sent through PHP mail(). I only tried vie
Passing PHP variables from one page to another
Hello-
I'm having trouble figuring out how to transport a variable from one php file to anoth
single values into sql field
i have a form which i want the user to able to select multiple answers. But i want the answers to be
Displaying returned XML in another PHP page
I have an online payment form that will return XML given if a payment is successful or declines. I