SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

Code:
    function cleanQuery($string)
    {
        // Undo the automatic backslashes that magic_quotes_gpc adds to
        // request data, so the value is not escaped twice below.
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }

        // Escape quotes, backslashes, NUL, \n and \r for the old mysql_*
        // API (requires an open mysql_connect() link).
        $string = mysql_real_escape_string($string);

        // Convert characters with HTML entity equivalents (&, <, >, quotes)
        // before the value is stored.
        $string = htmlentities($string);

        return $string;
    }
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function the new lines are replaced with a 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
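As an added example (not code from the original post), the following PHP shows the approach that avoids the mangled line breaks entirely: send user text to the database through a prepared statement with a bound parameter, so no escaping is applied to the stored value, and apply HTML encoding only when the value is rendered. It uses PDO against an in-memory SQLite database so it runs stand-alone; the DSN, table name and the sample input are assumptions made for the example, and in a real deployment the DSN would point at the MySQL server instead.

```php
<?php
// Added example: store "About me" text with a bound parameter so quotes,
// backslashes and newlines are kept exactly as typed, and encode for HTML
// only at output time. Assumes the PDO extension with the sqlite driver.

function openDb(): PDO
{
    // Assumption: in-memory SQLite stands in for the MySQL connection.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about TEXT NOT NULL)');
    return $db;
}

// The placeholder keeps data separate from the SQL text, so the driver never
// interprets the value as SQL and no escaping (and no double escaping) occurs.
function saveAbout(PDO $db, string $about): int
{
    $stmt = $db->prepare('INSERT INTO profiles (about) VALUES (:about)');
    $stmt->execute([':about' => $about]);
    return (int) $db->lastInsertId();
}

function loadAbout(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT about FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['about'];
}

// Encoding belongs at the point of output: htmlspecialchars neutralises any
// markup the user typed, and nl2br turns the preserved newlines into <br />.
function renderAbout(string $about): string
{
    return nl2br(htmlspecialchars($about, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input containing quotes, a backslash, markup and a newline.
$input = "I'm a \"PHP\" dev \\ admin\nLikes: <b>cycling</b>";

$db = openDb();
$id = saveAbout($db, $input);
$stored = loadAbout($db, $id);

// Round trip check: the stored text must be byte-for-byte what the user sent.
var_dump($stored === $input);

// What the browser receives for the profile page.
echo renderAbout($stored), PHP_EOL;
```

The split matters for both of the questions above: with a bound parameter there is no per-field "clean" function to decide on, because every value takes the same safe path regardless of what characters it contains, and the three multi-line fields need no special case since newlines are just data. Storing the raw text also means the same value can later be rendered in a non-HTML context (JSON, plain-text email) without first having to undo entity encoding that was baked in at insert time.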
