question about stripslashes and real_escape_string
Posted on 16th Feb 2014 07:03 pm by admin
I'm cleaning up an old app that I wrote, fixing some of the vulnerabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET:
Code:
$value=$_POST['value'];
$value=$_GET['value'];
My instinct would be to edit every file and do it manually:
Code:
$value=$_POST['value'];
$value=mysql_real_escape_string($value);
$value=$_GET['value'];
$value=mysql_real_escape_string($value);
But if there was a faster way it would make my life easier. What I would like to do is maybe create a function I can put at the top of every page, or into my global.php which is included into every page, that would do something like this:
Code:
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
} else {
    $value = mysql_real_escape_string($value);
}
I don't intend to have magic quotes on, but other people might on their servers.
I just need every $_POST or $_GET within my script to be automatically cleaned or filtered from SQL injections.
I saw something a long time ago where it was something they put at the top of their page. This will be completely wrong, but I will give you an example of what it looked like:
Code:
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
I'm not too sure how that goes about affecting everything, where to put it, etc.
Any ideas or suggestions? Or am I stuck doing it manually.
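
An added example, not part of the original post: one way to get the "include it once" effect is to normalise request input in global.php and bind values at each query, which also covers the case blanket escaping misses (a value placed in SQL without quotes). Assumptions: PDO with in-memory SQLite stands in for the app's MySQL database; `raw_input()`, the `users` table and the request values are hypothetical; `addslashes()` stands in for `mysql_real_escape_string()`, which needs a live MySQL connection.

```php
<?php
// Added example. In-memory SQLite (via PDO) stands in for the app's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// For global.php (hypothetical helper): return the request array as raw input.
// Slashes are stripped only where an old server still applies magic quotes,
// and nested arrays such as ?value[]=x are walked instead of being mangled.
function raw_input(array $source)
{
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    $walk = function ($v) use (&$walk, $magic) {
        if (is_array($v)) {
            return array_map($walk, $v);
        }
        return $magic ? stripslashes($v) : $v;
    };
    return array_map($walk, $source);
}

// Constructed request values, standing in for $_GET / $_POST.
$in = raw_input(array('id' => '1 OR 1=1', 'name' => "O'Brien"));

// 1) Escaping alone: the query has no quotes around $id, so there is nothing
//    to escape and the whole string is still parsed as SQL.
$id = addslashes($in['id']); // stand-in for mysql_real_escape_string()
$rows = $db->query("SELECT name FROM users WHERE id = $id")->fetchAll();
printf("escaped, unquoted id:  %d row(s)\n", count($rows));

// 2) Bound parameter: the value travels separately from the SQL text.
$stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
$stmt->execute(array(':id' => $in['id']));
printf("bound id:              %d row(s)\n", count($stmt->fetchAll()));

// 3) Bound values are stored exactly as typed, with no stray backslashes.
$db->prepare("INSERT INTO users (name) VALUES (:name)")
   ->execute(array(':name' => $in['name']));
$stored = $db->query("SELECT name FROM users WHERE id = 3")->fetchColumn();
printf("stored name:           %s\n", $stored);
```

Against MySQL the same pattern applies with a `mysql:` PDO DSN or mysqli prepared statements; the `mysql_*` functions used in the post were removed in PHP 7.0.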