question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code: [Select]
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Curl timeout breaks script
So im having difficulties with skipping timeout error in curl
my script calls different functions

Something like an INI editor or a DelimitedText-Editor
Hi all,

Am very, very, very new to PHP and not sure if I should be posting this to a Javascri

PHP MySQL and DATE
Hi everyone

I have a databse and in one of the columns I have date values such as 2009-March-

Problem with Subscreen
Dear Experts ,
I am facing a problem with the subscreens. My senario is as follows :

Streaming local file from PHP while it’s been written to by a CURL process
I am creating a simple Proxy server for my website. Why I am not using mod_proxy and mod_cache is a

Random date selection
i want to select random date with time(hour+minutes+sec) where date is specified(10/22/2009) and tim

Encrypt php code?
Is it possible to encrypt php code in files,
so that it displays a load of unreadable characters

SAP FICO learning materials
Hi all,
I am new to this world of SAP FICO. I have taken training on SAP FICO, but was wonderin

Display a default image
I am trying to display generic image for items that don't have one, but I can't get it to display.

php code to accept and delete incoming data
Using following HTML Code please show me how to write PHP code to accept and delete the incoming dat