question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Apple's revamped lineup arrives

I'm personally curious about the magic mouse.. a multi-touch concept sounds like it could be nea

How do I create a 2D game "camera" to follow player?
In J2ME programming I'm targeting MIDP 2.0 devices.

I'm using gamecanvas and I was thinking t

Character Set Setup
Whats the best character set to use if you want every character to work, and also how do you make yo

Login Functionality Working Different on IE
This is an odd one, I have a site which has an admin section. The admin pages unsurprisingly require

Help with usergroups? prolly really quick
So were coding our own forums for a game system we made an we have the users level setup but now I n

search function
HI guys,

if anyone could point us in the right direction of how to do this, or provide some t

why preg_match_all does not return the number of matches
My regex looks like

X[^x{4e00}-x{9fa5}]*Y

(where X and Y are two Chinese characters)

order by date not ID number help php
I am trying to orginize the following code to order by date not id number.
any help would be grea

Renaming a file that a user uploads to site?
My site allows for registered users to upload images to the site under their own gallery. Currently

Fetching array then reversing it
Hi, I have a simple problem, I'll try to explain it as best I can:
News entries in my database ar