question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
SOAP Issue
Hi,
I am facing some understanding problem with SOAP basic.kindly recommend some SOAP expert.
Error when call dll from oracle
Hi all, please help me!
I have dll write C language, I want call it from oracle procedur
how to timeout $doc = new DOMDocument()->load($url)
I am currently using this $doc->load($url) to fetch an rss feed.
If a feed takes long than
Google voice
I currently have a form in html, but I want it in php so the information is not in the source code.<
newbie question about multiple queries
hi everyone,
I'm sorry to ask such a basic question, but I'm young and trying to learn php on my
User information
Hi All,
By using t-code SUIM we get all the user details,if suppose we donot have permission t
How do I use ValidatorCallout extender in Login control?
Hi,I'd like to customize the look and feel of the login control a little bit. One thing I'd love to
Change log of Cost centre change in Plant maintenance order
Hi,
How to view Change log of Cost centre in Plant maintenance order. Not visible thru 'Docume
Detail Expenses Report by Cost Center
I would like to obtain a report out of SAP that shows a list of expenses by cost center that shows t
Read from a text file after a specific word
Hi all.
I have a text file that looks like the one below.
I know how to open the text fi
