question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
Sufficient protection from bad input?
I am writing a simple script to let people upload 'pages' of their own content, be it simply a few b
PO Release Strategy Issue
Hi Experts,
I am facing an issue related to PO release strategy. The details are-
<
getting Vars to pass to next page.
Hello all,
I have a confusing situation on my hands, i am a member of a gaming community and we
Weird MySQL error, why am I recieving this?
PHP Code:
<?php require "global_settings.php"; ?>
<titl
Output Buffering question
Hi all,
I've been trying to wrap my head around output buffering. So far I've found tons of
how to put the 0-100 numbers into 1.txt and 100-200 into 2.txt ?
how to put the 0-100 numbers into 1.txt and 100-200 into 2.txt and so on 200-300 into file 3.txt ?Dynamic memory problem
Hey,
At the beginning of my code, I have this line:
Shape* gShape = 0;
Reduce redundancies in switch functions?
Hello all! I somewhat new to PHP, and was wondering if anyone could give some suggestions on a swit
Quick fix: Conditional statement with an array
Hi, I'm getting the temperature value off of the Environment Canada website along with the icon file
Delete all files in folder except with certain name
I have a script that I want to delete all files in a folder (taken from a database) except for one n
