question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
291 
25 
Other forums
Not adding to db
Hi, I can't figure out why it won't add the record to the database. It's just a simple form to get
Displaying an image using echo command
I had done a query on my database, one of the fields being an image reference to a directory where a
mysqli_fetch_assoc returns multiple arrays, how to return a single array
Hello, I am using mysqli_fetch_assoc which is returning multiple rows, so it looks like:
Code
Drawing Images in classes
I'm quite new to Object Oriented PHP. What I'm trying to do is draw some images but also have other
Please Help my PHP Dating Function.
Hi everyone!
Well here is my code that displays this:
It works wonderful.
List/Menu Box
On an edit page when you want something to select what a user has previously selected from the datab
How a counter of users ? such as ---> (231 Viewing)
I want to count how many users are actually viewing the page, How is that possible?
Thank you guy
Getting Resource id #11 while trying to connect..
So i tried using "DEFINE" for the first time and im using the variables i defined to conne
calendar dates and hours compare problem
i have a calendar in wordpress, everything works great except that i can make 2 meetings at the same
Ten Operator Syntax
Hi Guys,
I can't figure out why i am getting a parse error with this basic ten op code:
