question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code:
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

breaking a text file into paragraphs based on strings
I have a text file of email addresses that is all squished together. It looks like this:

abc

Not capturing all the information we require in the form.......
Hi Guys,

I was wondering if you would share some more of your knowledge today, I'm hoping it

image upload script not working with png
The basic process of this php code is to take the submitted file, convert it to a small JPG thumbnai

php/xmlrpc class issue
I am working on xml-rpc in php to start with.

I have a class that only has variables defined

get the country of visitor and display content based on that
Hello all,

I have seen that Google analytics can tell you where a visitor is coming from and

Multiple while loops
I have several DB queries that I know should be returning results and aren't. I have a feeling it ha

help with Get_
ok some how this is not working i am not sure what i am doing wrong here but what this does is when

SAP Business Suite
Hi all:

Within the SAP Business Suite solution I would like to ask you the main differenc

array_combine() trouble w/csv file
I have a problem with a piece of code I wrote to import some records from a csv file into mysql. I h

Printing a webpage
I use this to print the webpage: o