question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Did you know?Explore Trending and Topic pages for more stories like this.
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet

Your Answer:

Login to answer
152 Like 24 Dislike
Previous forums Next forums
Other forums

My query is being run with no results.
I have this.

Code: function DropUser($duser_id, $user_email, $user_username) {

A little help needed passing hidden values to next page
I have a page that has hidden values in a form.

example
Code: <input name='signupID

Unable to retreve the values from Mysql Query
Hi,

Here is the php code that I have, Query is running properly in phpmyadmin and is resu

Strange PHP/mySQL error ... am I just tired?
Code: <?

## CONNECT TO DB FUNCTION!
function ConnectTo($db2con)
{
$hostNam

php require help needed
Ok i tried to use the search funtion but the word require is everywhere.

i'm really new to cr

How to use php and sql to check if values match the ones in a table (for logins)
How would I code it that the script takes two variables that are passed to it (UserID and PIN), and

Fetching META TAGS through
Hello everybody
I want to fetch meta tags of a domain.
It will be done from following code of

passing data from one page to another
hey guys
i have the follwoing code to get information from one page and place on another:

present value of sequence?
Hi

Please help me to find out the present value of sequence?

Thanks

Upload, SSL and more php help
I recently just installed a ssl cert and do i use https for the whole site or just for the checkout.

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash