question about stripslashes and real_escape_string
Posted on
16th Feb 2014 07:03 pm by
admin
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.
I have roughly 30 files. I want to be able to edit every $_POST and $_GET
Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually
Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)
$value=$_GET['value'];
$value=mysql_real_escape_string($value)
but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this
Code:
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)
}
i dont intend to have magic quotes on, but other people might on there servers.
I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections
I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like
Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);
im not to sure how that goes about effecting everything, where to put it, etc
Any ideas or suggestions? Or am I stuck doing it manually.
No comments posted yet
Your Answer:
Login to answer
291 
25 
Other forums
Performance impact of cookies
Hi, I was just wondering what impact there would be in terms of performance if you where to set then
Chat Box in PHP
I was thinking in doing a Chat Box in PHP. For that I would use a form with two fields, Nick and Mes
Code Help.. If txt input box empty search X instead..
I am having a problem with my search script. At current it will simply search by a selected date whi
Schedule editor
Hi,
I have a question related to Schedule editor.
If we schedule a BLS for every 30
php wont update my db
hello,
sorry for posting in mysql forum but i dont know where exactly is the problem but here
Get word number x from string?
How can I use a function to loop through a string, and "have a look at" every word in the
Mouseover to edit (Ajax)
hi friends, can anyone help with the code behind to get this application working, please in VB (new
IIS & NW MII on the same server
Hi,
We're weighing the possibility to run both IIS and MII (NetWeaver) on the same server
Expandable Post Code
Hi,
Hope you can help. Which currently I haven't upgraded to connect to a mysql server, so i
how to timeout $doc = new DOMDocument()->load($url)
I am currently using this $doc->load($url) to fetch an rss feed.
If a feed takes long than
