question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

I'm cleaning up an old app that I wrote, fixing some of the vulnerabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code:
$value = $_POST['value'];
$value = $_GET['value'];

My instinct would be to edit every file and do it manually:

Code:
$value = $_POST['value'];
$value = mysql_real_escape_string($value);

$value = $_GET['value'];
$value = mysql_real_escape_string($value);

But if there was a faster way it would make my life easier. What I would like to do is maybe create a function I can put at the top of every page, or into my global.php which is included into every page, that would do something like this:

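Code:
if (get_magic_quotes_gpc()) {
    // Magic quotes already added slashes; remove them so the value is not escaped twice
    $value = stripslashes($value);
}
// Escape whether or not magic quotes was on
$value = mysql_real_escape_string($value);

I don't intend to have magic quotes on, but other people might on their servers.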

I just need every $_POST or $_GET within my script to be automatically cleaned or filtered from SQL injections.

I saw something a long time ago where it was something they put at the top of their page. This will be completely wrong, but I will give you an example of what it looked like:

Code:
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

I'm not too sure how that goes about affecting everything, where to put it, etc.

Any ideas or suggestions? Or am I stuck doing it manually?
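An added example, not part of the original post: it compares blanket escaping of request data with a bound query parameter. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL and `addslashes()` as a stand-in for `mysql_real_escape_string()`; the table, the inputs and the function names `escape_all`, `lookup_escaped` and `lookup_bound` are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request data, shaped like $_GET (one scalar, one nested array).
$get = array('id' => '2 OR 1=1', 'tags' => array('a', "b'c"));

// Stand-in for mysql_real_escape_string(), which needs a live MySQL link and
// was removed in PHP 7. It recurses, because a plain array_map() over $_GET
// would hand nested arrays to a function that expects a string.
function escape_all($v) {
    return is_array($v) ? array_map('escape_all', $v) : addslashes($v);
}
$escaped = escape_all($get);

// 1) Blanket escaping: the id value contains no quote, so escaping leaves it
//    unchanged, and the query uses it unquoted. The input is parsed as SQL.
function lookup_escaped(PDO $db, $id) {
    return $db->query("SELECT name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// 2) Bound parameter: the value travels separately from the statement text
//    and is only ever treated as data.
function lookup_bound(PDO $db, $id) {
    $st = $db->prepare("SELECT name FROM users WHERE id = ?");
    $st->execute(array($id));
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Rows returned when the escaped value is interpolated into the query.
var_export(lookup_escaped($db, $escaped['id'])); echo "\n";
// Rows returned when the raw value is bound instead.
var_export(lookup_bound($db, $get['id']));       echo "\n";
// A well-formed id through the same bound query.
var_export(lookup_bound($db, '2'));              echo "\n";
// Side effect of escaping at input time: the stored data itself is altered.
var_export($escaped['tags']);                    echo "\n";
```

With bound parameters the raw `$_GET` and `$_POST` values stay untouched, so nothing has to be escaped at the top of every page and output code does not have to undo added backslashes.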
