question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code:
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Putting double spaces instead of single spaces
Im looking at trying to replace all single spacing between fields with double spacing

At pres

i need help with php header and footer
I have designed a header and footer for my site and they seem to be ok when they are running individ

Encrypt php code?
Is it possible to encrypt php code in files,
so that it displays a load of unreadable characters

Disable Scrollbar in TableControl
Hello everbody,

please can anybody help me - outherwise i'm going to become desperate :P<

Contact Form Not Working When I Add Validation Codes
So I built my first working PHP "Contact Us" like form. But, I have been trying to now mak

TinyMCE / Ajax Postback Problem
Hiya all,

I have a page which loads the TinyMCE editor. On the postback I obviously want to f

how to validate date using javascript
I need to validate date in textbox using javascript..
The date is must be not greater than TODAY

How do I replace any number of character occurences with one occurrence?
How do I replace any number of character occurences with one occurrence?

Let's say I have:

sapgui f4 help last search
I know this has to be simople. One user (maybe more) does not have the "last search saved" from the

Socket programming
Hello all,

I have a PHP socket script. GPS trackers connect to this socket. IMEI verification