question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
Operating System
How in PHP or other language can I detect Operating system, ie Windows XP Home, Windows 7 Ultimate,
Linking with Foreign Keys
I have been getting an erro when I try and link:
create table Faculty_Specialty (I_Name v
Undefined offset when using a flat file with pipe symbols
Hi, I've got a flat file/text file which I'm currently using as a member database for my site (not a
INSERT data problem!
After having an string with apostrophes ', double quotes " or any other special characters, suc
exclude characters from counting?
Hello, I wanted to ask if you have a string like:
Code: $my_s='ASRGREGTGTR----REGREGRE+++RRRRRR..
Filtering Tables
Hello Thanks for any help any one can give Im very new to PHP..
I need to pull data for clien
selectbox+database connection retrive problem
Code: [Select]
<tr>
<th align="left" scope="c
Set Categories
I am creating a submission form for somebody to come in and submit products. These products are sep
Create multiple (n) arrays
Hi there,
I have the following need:
I have 2 arrays (coming from a databases)
do while conditions
i want to display 6 images in a 2x3 table
now what would be the correct logic to
count that th
