question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Did you know?Explore Trending and Topic pages for more stories like this.
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152
24
Other forums
Image resize
Hi again fellers
I managed to sort out the issues with the folder,
Final hurdle is th
what business processes?
Hi,
A general question. What business processes (like OTC - Order to Cach, P2P, R2R etc)
Displaying returned XML in another PHP page
I have an online payment form that will return XML given if a payment is successful or declines. I
Displaying different page content, depending on the logged in user.
Hi all, I am new to ASP.net (and web development in general), and have a question about how I can di
Coding question?
Hey guys, I have a quick question. If I want to make a way for people to pay for health in my game,
PHP form help required
Hi all! Apologies in advance for having to message the forum for help. I know you must get a lot of
Executing an exe
Hi. I have some bizarre problem with exec (other any other method) to launch exe's. I am making a ga
Help with usergroups? prolly really quick
So were coding our own forums for a game system we made an we have the users level setup but now I n
Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app
Help me with some material on Open Text Overview.
Hi Experts,
Please help me out with some material on Open Text. I have been supporting AP Workf