SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

Code:
function cleanQuery($string)
{
    // Undo the escaping magic_quotes_gpc already applied, so the value
    // is not escaped twice below.
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape for use inside a quoted SQL string (requires an open mysql connection).
    $string = mysql_real_escape_string($string);

    // Escape for HTML as well, at storage time.
    $string = htmlentities($string);

    return $string;
}
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
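The approach a defender would take for both questions, as an added example that is not part of the original post: send the value to MySQL through a prepared statement (so nothing in the text is rewritten and it can never be parsed as SQL), and escape for HTML only at render time. It assumes a PDO connection and a hypothetical table `profiles(user_id INT, about_me TEXT)`; the credentials and the sample text are constructed.

```php
<?php
// Added example, not the original poster's code. Assumes a PDO connection
// and a hypothetical table profiles(user_id INT PRIMARY KEY, about_me TEXT).

// Store the text exactly as typed. A prepared statement sends the value
// separately from the SQL text, so quotes and line breaks never reach the
// SQL parser as syntax and no stripslashes / real_escape step is needed.
function saveAboutMe(PDO $pdo, int $userId, string $aboutMe): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO profiles (user_id, about_me) VALUES (:uid, :about)
         ON DUPLICATE KEY UPDATE about_me = VALUES(about_me)'
    );
    $stmt->execute([':uid' => $userId, ':about' => $aboutMe]);
}

// Read it back unmodified; the same placeholder mechanism guards the SELECT.
function loadAboutMe(PDO $pdo, int $userId): ?string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE user_id = :uid');
    $stmt->execute([':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['about_me'];
}

// Escape for HTML only when rendering, then turn the stored newlines into
// <br> tags. Because the stored text was never escaped, the line breaks
// are real newlines here rather than a literal backslash-r / backslash-n.
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Usage with constructed input that contains both a quote and a line break.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);
saveAboutMe($pdo, 42, "I'm a driver.\nAsk me about O'Reilly's.");
echo renderAboutMe(loadAboutMe($pdo, 42) ?? '');
```

The same pattern applies to every user-supplied value, not just the three free-text fields: the query never sees the raw string, and HTML escaping belongs to the template, not the database.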
