question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Did you know?Explore Trending and Topic pages for more stories like this.
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet

Your Answer:

Login to answer
152 Like 24 Dislike
Previous forums Next forums
Other forums

Page doesn't expand for content
Hi. I've been testing a query I made. It's here http://lapr1.6te.net/inquerito.php
The page doesn

Spaghetti Code
So.

I've pretty much reached the point where I have so many isset s on one page that I can't

insert mysql embeded videos as blobs?
Using TinyMCE my client will be able to embed images and flash videos into large columns of text whi

cURL Sending File as Post
This is a bit complicated, I'm just hoping someone else has run into this and knows how to do it a d

SCO Unix
I know this might not be the place to ask, but, can anyone tell me if SCO Unix comes with PHP built

The repetition structure: the while statement not working
New programming student, have assignment as follows:
A restaurant has 4 lunch combos for custom

Allegro crashes when running load_bitmap. Why?
I can not get Allegro to load any BMP images. Here is a section of test code. The picture is in the

Storing/displaying image urls in a database?
Hi
Basically I have the following scenario:
User chooses picture from list. Picture info is ad

Not Inserting into DB
I can't get my Add new Division form to submit to the database. Anyone see my issue?

Code: &a

Last Weeks sDate and eDate.
sDate - Start Date
eDate - End Date

I need to pull two dates for "Last Week" whi

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash