question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
167 
10 
Other forums
am I using this for loop correctly
Dear buddies!
Right now I am generating a report with some details for all the dealers.Specific name typed, specific image shown on html page
Hello,
Fairly new to PHP and was curious if someone might know how to solve a fairly simple r
Inserting the current date/time while submitting the forum
What do I need to add below to update the current date/time? I have a field in the database called d
session variables not working anymore
hello,
i use sessions to handle authentication within my site. my host has been changing a lot of
Sub-domains & calling unique content
Hello,
Is there a way use something similar to the $_GET function for a sub-domain? I to be a
cURL proxy
Okay here is the thing... i know how to add proxys
Code: curl_setopt($ch, CURLOPT_PROXYTYPE,
Estimations and Effort
HI Gurus,
Would like to know whether SAP have a provision for carrying out the Project es
Delete all files in folder except with certain name
I have a script that I want to delete all files in a folder (taken from a database) except for one n
PHP File Upload Problem
Hi, I have written a very simple file upload script but it fails for reasons I can't explain. Hope
Xml parsing
I need a suggestion about parsing xml with multiply parts like pervious...
i.e. different device
