question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
output printing as hexadecmal... XD
Everything works except the calcem call for the totusold and totuprice. The out put shows up as hex.
Running External Scripts
I am very new to PHP and am not even sure what I'm asking is possible. I have just installed mediaW
Session problem?!?
Hello All! I am very new to the php world but I am working on fixing things that a previous programm
help with multi-update
Now sure how to ask this really....
10g database if that matters.
I have a customer
Agency Business Process
Hi,
I don’t understand the process of the agency business in SAP.
In my
Rss feed question
Hi
My blog and my website are different. Am i able to take my rss feed
from my blog and p
Advice on how to delete a mysql row using my form
Hi,
I am very new to php and am struggling to work out how to delete a portfolio item (a row
Redirect not working after making a POST/GET
Hi Everyone,
I am a novice in PHP. Here I have 2 pages, one page with a textbox and button an
urldecode question
How would I format this line of code properly?
<?php echo urldecode($_GET['Title']); ?
* Gridview and Detailsview in UpdatePanel, insert mode problem
I have a GridView and DetailsView working together. When a record from Gridview is selected, Detail
