question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
Buggy registration system
Hey, I just started scripting in PHP, and I ran into a few problems.
Code: <?php
includ
Page not Loading After Test
Hey All
It seemed that an inlcude statement wasn't working for some reason, so I tried a more
elseif help!
OK so I'm new to the site, as well as PHP altogether (Trying my hand at managing an online RPG) and
update post issues
I am trying to create an update to a post function, while the update does occur, the page routing an
Remore client postprocessing phase getting dump SAPSQL_ARRAY_INSERT_DUPREC
Hello Expects,I have started remore client copy. Data was copied successfully. but while running pos
Trigger tag in aspx is not coming
hi all ,iam new to ajax, iam using file upload inside the update pannel but right now i want to use
Line break?
Hi, I'm new to the forum and new to php. I'm not sure if I'm using the correct terminology so here i
How to Handle more than one submit button in single form?
Hi
I have one PHP file which contains one Form. In this form there are two Submit type ButtonsPRotect my POST DATA... FROM HTML ATTACKS
I need to like let's say
If a user submit's his Prayer and he put's <meta refresh stuf
Get ID from Database when Posting with a HTML Form
I have a form I am submitting to a MySql database. Each product has an ID # attached to it that auto
