question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
problems with search form numerical "between" sending by php
I am trying to display the results of a search, on a sql database, on a web page. I set up html &quo
data type in column definition
Hi,
I create a table with column called "Direction of Travel code ".
The travel codes in t
Wierd echo error?
Hi, i got the most wierd php error ever and i don't know why..
Code: echo "<t
UTL File problem
Hi
I have a file in certain path with the following permissions (The file is a dummy file witho
Save cookie to DB
I'm working on a pixel tracking script for an incentive website and I need to use an ASP script to s
gmdate() - want 1 hr before time
Hi,
I am using php gmdate().
Now I am entering all dates in my dbase using gmdate("Y-m-d
Help with ORDER BY
Hello. I would like to order by ascending States, then Cities, then Gyms in the following code, but
Socket Server
In my following socket server, I am trying to listen to a connection through port 12345 in my web br
Re-Order by ID Number
I have a cms set up for inputting an image, thumb, title, pdf, and eps. When input the database ass
Undefined offset
The following script checks to see if the user answer matches the correct answer.
Form Fiel
