question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

No comments posted yet

Your Answer:

Login to answer
152 Like 24 Dislike
Previous forums Next forums
Other forums

DataTable Help Required
Hi all I am creating an app that utilises and MS Access back end and queries it quite a bit at vario

Help pulling in 'id' with "read more" link
I'm trying to create snippets of my articles in the cms I'm creating, and then have them redirect to

Is this possible? If one file assigned to an ID...
I have a page that lists property listings assigned to a specific user (a manage page), with brief t

Error when call dll from oracle
Hi all, please help me!

I have dll write C language, I want call it from oracle procedur

mysql_real_escape_string making variable equal nothing
i post a form and i post the variable:
Code: $var = $_POST[variable];then i echo $var its what i

can i optmize image to 50% quality before uploading 2 server
Hi there

i have jus written a php program to upload and display images but when i try to uplo

parameter passing issue on function
Well I thought I had created a pretty slick web page, using ?page and $_GET to load pages which wher

Registration
ok so i have a site where people can register and login which works now thanks to someone on here th

How to convert this array to string
I am having problems converting this array to a string
using print_r($val[1]); I get:
Code: [

Finding digits in variable containing text, and IDing them
$romanstock = "http://www.remoteprice.com/data.asp?storeid=123&itemcode=456&typ

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash