question about stripslashes and real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

I'm cleaning up an old app that I wrote, fixing some of the vulnerabilities to attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code:
$value = $_POST['value'];
$value = $_GET['value'];
My instinct would be to edit every file and do it manually:

Code:
// escape each value right after reading it
$value = $_POST['value'];
$value = mysql_real_escape_string($value);

$value = $_GET['value'];
$value = mysql_real_escape_string($value);

But if there was a faster way it would make my life easier. What I would like to do is maybe create a function I can put at the top of every page, or into my global.php which is included into every page, that would do something like this:

Code:
// with magic_quotes_gpc on, PHP has already added backslashes; undo that
// first so the value is not escaped twice, then escape it for SQL
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
I don't intend to have magic quotes on, but other people might on their servers.

I just need every $_POST or $_GET within my script to be automatically cleaned or filtered against SQL injection.

I saw something a long time ago where it was something they put at the top of their page. This will be completely wrong, but I will give you an example of what it looked like:

Code:
// escape every top-level value in the superglobals (nested arrays are not handled)
$_GET     = array_map('mysql_real_escape_string', $_GET);
$_POST    = array_map('mysql_real_escape_string', $_POST);
$_COOKIE  = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

I'm not too sure how that goes about affecting everything, where to put it, etc.

Any ideas or suggestions? Or am I stuck doing it manually?

No comments posted yet
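An added example, not the poster's code, of the approach a reviewer would suggest for this question: undo magic quotes once in global.php (recursively, since array_map over $_POST misses nested fields such as tags[]), and then bind values with prepared statements instead of escaping every superglobal. The connection credentials and the users table are placeholders.

```php
<?php
// Added example for the question above (not the original poster's code).

// 1. Normalise input once: remove the backslashes magic_quotes_gpc added so the
//    rest of the app sees the raw value. array_map('stripslashes', $_POST) would
//    skip nested arrays, so this helper recurses. The function_exists() guard
//    keeps the include working on PHP versions that no longer have the function.
function strip_magic_quotes_deep($value)
{
    return is_array($value)
        ? array_map('strip_magic_quotes_deep', $value)
        : stripslashes($value);
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET     = strip_magic_quotes_deep($_GET);
    $_POST    = strip_magic_quotes_deep($_POST);
    $_COOKIE  = strip_magic_quotes_deep($_COOKIE);
    $_REQUEST = strip_magic_quotes_deep($_REQUEST);
}

// 2. Do not escape the superglobals globally. mysql_real_escape_string() is only
//    correct inside a quoted SQL literal on one open connection; the same value
//    reused in HTML, an e-mail or a LIKE pattern would be corrupted. Keep the raw
//    value and let the driver send it separately from the SQL text.
$db = new mysqli('localhost', 'app_user', 'placeholder_password', 'app_db'); // placeholder
if ($db->connect_error) {
    die('DB connection failed');
}
$db->set_charset('utf8mb4'); // escaping/binding is charset-dependent; fix it explicitly

// Hypothetical lookup using the posted value from the question.
$value = isset($_POST['value']) ? $_POST['value'] : '';

$stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
$stmt->bind_param('s', $value);   // bound as data, never concatenated into the query
$stmt->execute();
$stmt->bind_result($id, $name);
while ($stmt->fetch()) {
    // Output needs its own context-specific escaping (HTML here), which is why
    // escaping for SQL at the top of the page cannot cover everything.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
}
$stmt->close();
```

With this in place the 30 files only need their string-built queries converted to prepare()/bind_param(); the stripslashes step stays in one file.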
