question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
167
10
Other forums
Unable to retreve the values from Mysql Query
Hi,
Here is the php code that I have, Query is running properly in phpmyadmin and is resu
same querie, or a new one??
Hi guys,
I'm still working on this drop down list. I've got the actual drop down list to wor
set xml path in flash when xml created in memorystream and webrequest
i am creating an xml file using memory stream and i want to load this xml file into the flash on cli
Getting the full city list from maxminds geoip database
I am suprised I can't find any references to this.
I have maxminds geoip lite installed and i
Inserting a variable in a link
I have this code that I want to insert for my own variable but I have no idea how. This is what I wa
Multidimensional $_POST
Hello
How to get a single array from array of array (2 - dimension).
For example I have a
storing results of a function - previous result overwritten with new result
I have created a function to validate input.
function validate_dimension($value,$name) {
<
Character Sets/Collations Stuff
Can someone please give me a check list of things I must do to setup all the charset stuff for my ph
GET * FROM _____ Except?
I have a site that is for stock photography.
This section of the code calls images to display
mails going in spam??
The mails I sent to folks in my database using mail(function) are going in spam??
Any idea ho