question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Ajax Issues - Update Panel / Timer. Intellisense doesn't know about them
Type 'System.Web.UI.ScriptManager' does not have a public property named 'UpdatePanel'. That is wha

Company Code for Vendors created through Business Partners
Hi, experts!

I'm trying to set up the integration between Business Partner (BP) and Vendo

how to easy edit text, with box? Help.
Hi.
I have a little problem. I'm doing a webpage for my aunt and I would like to make it as easy

Cache PHP Objects/Classes?
Does anyone have ideas about caching PHP objects using something like: http://memcached.org/

Multidimensional $_POST
Hello

How to get a single array from array of array (2 - dimension).
For example I have a

Get keys and values from an array
Hellow,

I have an array $Data with keys and values. With a foreach I can display all the valu

Is this possible? If one file assigned to an ID...
I have a page that lists property listings assigned to a specific user (a manage page), with brief t

Reduce redundancies in switch functions?
Hello all! I somewhat new to PHP, and was wondering if anyone could give some suggestions on a swit

controlling/creating accounts with privileges
hi all,
i'm trying to figure out how i can create/control account with privileges, for instance a

PHP & Java
Hello,

can PHP code be used inside java code?

Code: <SCRIPT LANGUAGE="Java