SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-entered strings go through this function:

Code:
    function cleanQuery($string)
    {
        // Undo the escaping PHP already applied when magic_quotes_gpc is on,
        // so the value is not escaped twice below.
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Escape quotes, backslashes, NUL and newline characters for use inside a
        // quoted MySQL string literal (needs an open mysql_* connection).
        $string = mysql_real_escape_string($string);

        // Convert characters with HTML entity equivalents before storage.
        $string = htmlentities($string);

        return $string;
    }
For the most part it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. Take an "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by mysql_real_escape_string.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields that may require line breaks?

Thanks.
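The following is an added example, not the poster's code, showing the split a defender would usually make here: let the database driver handle SQL escaping through bound parameters (for every value, not just the three multi-line fields), and apply HTML escaping only at output time, so line breaks and other characters are stored exactly as typed. `mysql_real_escape_string` itself does not drop newlines; it emits `\n` and `\r` escape sequences that the MySQL server decodes when it runs the query, so a literal `r` in the stored text points to the backslash being stripped somewhere after escaping, which bound parameters avoid entirely. The demo runs against an in-memory SQLite database so it is self-contained; the `profiles` table and the sample text are constructed for the example, and against MySQL only the DSN in `openDemoDb()` would change.

```php
<?php
// Added example (not the poster's code): bound parameters for SQL, HTML escaping at output.
// Uses PDO with an in-memory SQLite database so it runs stand-alone; for MySQL use a DSN
// such as 'mysql:host=localhost;dbname=app;charset=utf8mb4' with the same prepare/execute calls.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Hypothetical schema for the demo: one profile row with an "about me" column.
    $pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT NOT NULL)');
    $pdo->exec("INSERT INTO profiles (id, about_me) VALUES (1, '')");
    return $pdo;
}

// Store the text as a bound parameter: quotes, backslashes and newlines travel as data,
// never as part of the SQL text, so no escaping call is needed and nothing is altered.
function saveAboutMe(PDO $pdo, int $userId, string $aboutMe): void
{
    $stmt = $pdo->prepare('UPDATE profiles SET about_me = :about WHERE id = :id');
    $stmt->execute([':about' => $aboutMe, ':id' => $userId]);
}

// Read it back: the stored text comes out byte-for-byte as it went in.
function loadAboutMe(PDO $pdo, int $userId): ?string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Escape for HTML only when rendering. nl2br() runs after htmlspecialchars(), so the
// only <br> tags in the result are the ones added for the user's own line breaks.
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input: a single quote, a backslash, a newline and an HTML tag,
// the cases where an escape-everything-before-storage approach loses or mangles data.
$sample = "I'm a \\ fan of O'Reilly books.\nSecond line <b>not bold</b>";

$pdo = openDemoDb();
saveAboutMe($pdo, 1, $sample);
$stored = loadAboutMe($pdo, 1);

var_dump($stored === $sample);      // compare the round-tripped value with the original
echo renderAboutMe($stored), PHP_EOL;
```

With this layout there is no per-field special case: every value goes through `prepare`/`execute`, the multi-line fields included, and the stored copy is the raw text. If the application must stay on the old `mysql_*` extension (deprecated in PHP 5.5 and removed in PHP 7), the same principle still applies: escape once, immediately before building the query, and leave `htmlentities` to the page that displays the value rather than the code that stores it.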
