question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: [Select]$value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: [Select]$value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code: [Select]
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: [Select]$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
152 
24 
Other forums
keeps going back to index.html ???????
ok so i started making my site using mostly.html files now i have added a fair chunk of php. My inde
PayPal Redirect Issue
When I have my paypal button set so that is redirects to http://empiremarketing.ca/order.php,it work
Please help understand this code
I noticed the index page on my site was modified this morning and found this code inserted at the bo
Help pulling in 'id' with "read more" link
I'm trying to create snippets of my articles in the cms I'm creating, and then have them redirect to
Product categories for registration
Dear all,
We are going live with the Supplier registered next week. At standard, the 'sel
remove innitial and
tags
i am using tiny_mce as a text editor for my CMS.
buy now the problem is it add <p>
First root of a number
Hi,
I can't find any function in php to give me the first root of a number.
Is there any
user validation always displaying invalid ? please help
Hello,
I have 2 accounts and there is a field in mysql called validated it can be either &quo
How can I Compare two xml documents?
Hi all,
I am doing a POC for my project and I am using XE database 10g version.
ALV sum various columns problem
Hi all,
I'm doing a report on ABAP for a timesheet of the current month. The output i want is s
