question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

No comments posted yet

Your Answer:

Login to answer
167 Like 10 Dislike
Previous forums Next forums
Other forums

Check something, wait, check again, do something!
Hi guys.

I wonder if someone can help me with this.

Basically, what I want to do is (

How would I protect......
I have a from, actually, a good amount of forms. How can I make it so you can't type the characters:

strtotime issue
Hey all,

I'm playing around with some code, and basically the idea is:

Person changes

Why does my php page download images over and over
Can anybody please explain to me why my php page keeps downloading the images and other items every

Pulling out some result data from MYSQL
Hey Guys,

I've built a PHP page that has a for just imagine something like registration form

I am stumped
OK. Here is what I am trying to do. I have the conditions set, and if the conditions are met, I want

form variables from database help.
Hi all,

I would like to have a form that gives you options based on the results of an mysql q

Preventing blank or already entered values
Im trying to learn how to place a read file line by line and prevent duplicate entries and also BLAN

Remote Database Access
Hey guys!!

OK, i'm used to only working with databases from the CPANEL, accessing phpMyAdmin

Why Are These Functions Causing MASSIVE Memory Problems? Please Help!
Hi,

I have a script with some options.

I use regex to replace patterns in strings, but

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash