question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
291 
25 
Other forums
Deleting a record php
Attempting to setup delete a record page. The below code I put together doesn't seem to work.
PHP, jAVASCRIPT setting input values, why isn't it working?
Hi:
I am calling this javascript:
<script language="javascript"> Cannot Display Array from Select Statement + Login question
Hi,
I'm new to PHP but so far so goog. I was assigend a project and I'm very close to completion.
Putting double spaces instead of single spaces
Im looking at trying to replace all single spacing between fields with double spacing
At pres
Need help/w Page: 1,2,3,4 function!
So I have this code im working on where it's ment to display seperate pages having 20 logs each
I
Solution Manager BPR
Does the SolMan-BPR-ARIS-Integration (http://www.ids-scheer.com/en/ARIS/ARIS_Platform/ARIS_Business_
PHP5/Zend 2.0 - Resources
PHP5 Snapshots
http://snaps.php.net/
ZEND 2.0 Feature Overview and Design (PDF File
Dynamic links in an include file
I am working on a small piece of code that counts records from a database and displays the result to
Sessions work for me and not others?
I'm having a bit of bad luck with sessions. In the past they have worked fine for me, but this time
Class not found error
I am getting Class 'index' not found in Eval function:
//write config
$pat
