question about stripslashes and real_escape_string

Posted on 16th Feb 2014 07:03 pm by admin

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

Code: $value=$_POST['value'];
$value=$_GET['value'];
my instinct would be to edit every file and do it manually

Code: $value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

Code:
if (get_magic_quotes_gpc()) {

$value = stripslashes($value);
}else{
$value=mysql_real_escape_string($value)

}
i dont intend to have magic quotes on, but other people might on there servers.

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

Code: $_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

im not to sure how that goes about effecting everything, where to put it, etc

Any ideas or suggestions? Or am I stuck doing it manually.

Your Answer:

Login to answer

Other forums

how do I show what a user have selected from a checkbox?
From my code below, how would i show which check boxes have been checked and which radio buttons sel

Help with translating C code into assembler code
Hi im doing a project that moves a robot around a maze avoiding walls and need some help with conver

HTML Email rec'd as Source Code
The code does create and send the email successfully. However, the message shows as html code and n

why preg_match_all does not return the number of matches
My regex looks like

X[^x{4e00}-x{9fa5}]*Y

(where X and Y are two Chinese characters)

IS this code correct
The reason i ask is everything underneath it appears to be alink as well, tis blimmin annoying

Forms Authentication and Refresh at Login page
Hello, When I try to press the Login button in my webapplication at my login.aspx page nothing h

trim function issues
Hi guys, total noob here...

So I've been tinkering around with a html and am using php to em

BI in Upstream Production operations
Appreciate if you can assist in the following areas:
1) Examples of life before and after BI i

Session problem?!?
Hello All! I am very new to the php world but I am working on fixing things that a previous programm

IIS7 and getimagesize() problem
I have just discovered after hrs of trying to fix a problem where it's coming from. It's to do with