question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
291 
25 
Other forums
Passing vars to the DB
I have 3 small testing tables:
ID TYPE
1 pepperoni
2 C. bacon
3 taco
ID TY
FPDF Help
I've been playing with the FPDF module. I was building a form and rolling right along and then sudde
Query issues
I probably have this setup wrong well I know I do because nothing is showing up now. What I want is
PHP5 - Verifying a secure mail is secure
I need to send an e-mail from a form to a external department and because it contains personal custo
Generate multilayered array from string.
ok so i have a string that looks like this:
Code: [Select]blog:edit_all,delete_all|users:edit_all
how to validate date using javascript
I need to validate date in textbox using javascript..
The date is must be not greater than TODAY
PHP5 - AJAX help
I've been following the tutorial on w2schools (http://www.w3schools.com/php/php_ajax_database.asp) a
A href problem under php
Hello...
I tried to explain the issue in an earlier post.. but was not clear enough....
gettext translates ALWAYS?
I'm using gettext with the new version of XAMPP (5.3.0) on Windows Seven RTM (build 7600)
gettext
dropdown menu
Hello everbody,
I am php newbie.
I need to develop a program that once click the drop do
