question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
291 
25 
Other forums
Oracle Connectivity
Hi Every One,
Can we access SAP from oracle database.If it possible then please spec
comparing tables across databases sql refinement ideas required
Hi all
Via pl/sql I need to ensure that data between tables in different databases match
Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app
Ajax not working on IE 6 for Windows CE
I've created a webpage which uses the classis Ajax in following format:view plaincopy to clipboardpr
Execure stored procedure on a timer
Can someone tell me an easier way to execute a stored procedure on a timer? I am using Oracle 10g R
WS-Security PL/SQL Forms
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Prod
PL/SQL Release 10.2.0.2.0 - P
Why does this file not return file names that start with numbers?
This file returns a list of filenames to help populate a drop down in my form. For some reason it ig
Mail functionality from localhost to server
Hi
I am facing problem of mail functionality.
When i tested mail functionality in my
HTML form problem
Ive made a form to that i want to send to my email via PHP. but when it send only the name's etc sen
Form help: Syntax & Logic
Hello again all,
I'm working on a form and ran into a wall (again) and can't seem to think th
