question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
help, header() is not working!
Hello, I have this code:
<?php
/**
* @author samoi
* @copyright 200
How do i use vars in an array
Hiya peeps!
How do I use a var in an array. You will see $id but it isnt working.
chat
hello i'm amir
i need a chat source code in asp.net 2.0 without Ajax.
anybody can help me?
PHP Search Issue
Hi, I am using the following code to search and return flights from a database. The user searches by
Best way to check for end of a record and send it back to the first record
I'm hoping someone can help me out and explain the best way to accomplish this.
What I'm doin
How to display value in drop down list after form has been reloaded
Please bear with me as I am very new to php and html.
I have a form with several drop down me
phpMailer will not connect using SMTP
I am trying to use phpMailer with smtp:
Code: [Select]$mailer = new PHPMailer();
$mailer-&
Reg Ex
Im trying to search for the string: srv_9 (Dead ???)
I thought to use preg_match, however I d
help with multi-update
Now sure how to ask this really....
10g database if that matters.
I have a customer
Material Issuing for receiving batch
Dear All experts in MM/ PP,
Material issuing from main stores to factory is currently usi
