question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

No comments posted yet

Your Answer:

Login to answer
152 Like 24 Dislike
Previous forums Next forums
Other forums

no idea what to do...
I'm fed up. I had issues with code that I have working on a different site that didn't work on my cu

Got A Free Server :(
So I was given a free server

http://shopping.yahoo.com/p:Compaq%20ProLiant%201500%20Server:1

Table control is disappearing from Screen
Hi Experts,

I have a screen with multiple table control(TC). Each table control has two c

Filtering Tables
Hello Thanks for any help any one can give Im very new to PHP..

I need to pull data for clien

Please help with code for SMTP authenticated PHP email form
Hello, I'm creating a PHP email form, and for this particular server, I have to use SMTP Authenticat

pageination not working right... coping images over 4 pages
Code: <?php //This code will obtain the required page number from the $_GET array. Note that

Multi dimensional arrays
If I put in this code:

1
2
3
4
5
6
7
8
9
10
11
12
13<

PHP Cannot redeclare class
I have 6 files, and two of them do not seem to want to play well. I keep getting a "Cannot rede

Extract text from string
Hi folks,

I have a string that looks like this:

aaaaaaaaaa:
bbbbbbbbbb (ccccccccc)

Hi, explode and strstr.
Hi, I seem to be confused about the strstr function, eg. i have a string like:
"a.b.c.d.e.f&

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash