question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code:
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

Timer control causing error
I recently decided to add a timer control to an existing page that uses AJAX on my site. As soon as

Best way to read this text file.
Hi.I am planning to make a small application in C# to convert the players from Football manager 2010

Undefined Variable: PHP_SELF, pls help
Hi,

Im a newbie on PHP / MySQL programming and Im running a script to search one field on my

Automatically Detect Phone Model for WAP Jar Deployment
Making a wap site is fairly simple, but I'd like to know if there's a way to make it so that the wap

Google Map
I have done Google Map Integration for one my project. But for that we need the "latitude and l

Why is this function returning a false value when it shouldn't be??
This is in an include file. I want it to check a value in an html form and see if it's just white s

Add User script "Could not execute query"
This should be an easy script but I can't get it to run. Can someone please help me?

<

Having problemswith multithreading and prime numbers
I have an assignment when I'm suppose to do the following:

Write a multithreaded Java, Pt

count only commas outside parenteses
I have a sql table containing
id - query - query name
the first page contains a drop down men

Random date selection
i want to select random date with time(hour+minutes+sec) where date is specified(10/22/2009) and tim