SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

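Code:

function cleanQuery($string)
{
    // Undo magic-quotes escaping if it is enabled
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }

    // Escape for use inside a MySQL string literal
    $string = mysql_real_escape_string($string);

    // Convert HTML special characters to entities
    $string = htmlentities($string);

    return $string;
}
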
For the most part, it's great; HOWEVER... there are three fields in which I would like the user to be able to enter spaces. Take an "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
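
Added example, not part of the original post: one way to keep line breaks in a field such as "About me" is to store the raw text through a bound parameter and apply HTML encoding only when the text is rendered. The table and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Hypothetical names: profiles table, saveAbout(), loadAbout(), renderAbout().
// SQLite in memory is an assumption made so the example runs without a server;
// the PDO prepare/execute calls are the same with a mysql: DSN.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about TEXT)');

// Store the raw text. The value travels as a bound parameter, never as part
// of the SQL string, so no escaping function rewrites the line breaks.
function saveAbout(PDO $pdo, int $id, string $about): void
{
    $stmt = $pdo->prepare('INSERT INTO profiles (id, about) VALUES (:id, :about)');
    $stmt->execute([':id' => $id, ':about' => $about]);
}

// Read the text back, again with a bound parameter for the id.
function loadAbout(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode for HTML only at output time, then turn line breaks into <br />.
function renderAbout(string $about): string
{
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: CRLF line breaks, a single quote, and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b> & MySQL.\r\nThanks for reading.";

saveAbout($pdo, 1, $input);
$stored = loadAbout($pdo, 1);

var_dump($stored === $input);   // compares the stored text with the input
echo renderAbout($stored), "\n";
```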
