SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:
    function cleanQuery($string)
    {
        // Undo the escaping added automatically by magic_quotes_gpc (if it is
        // enabled) so the value is not escaped twice below.
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }

        // Escape quotes, backslashes, NUL, CR and LF so the value can be placed
        // inside a quoted SQL string literal.
        $string = mysql_real_escape_string($string);

        // Convert HTML-significant characters (<, >, &, quotes, ...) to entities.
        $string = htmlentities($string);

        return $string;
    }
For the most part it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

thanks.
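The following is an added example, not code from the original post. It shows the approach a practitioner would use in place of a single "clean everything at input" function: free-text fields are stored through a parameterised query, so no SQL escaping function touches the bytes (quotes, backslashes and CR/LF are sent separately from the SQL text and stored as typed), and HTML encoding is applied only when the value is rendered, with nl2br() turning the preserved newlines into <br /> tags after htmlspecialchars() has neutralised any markup. The schema, the sample "About me" text and the injection-style username are constructed for the example. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the same PDO calls work with a mysql: DSN. Note that the mysql_* extension used by cleanQuery() was removed in PHP 7, so PDO or mysqli prepared statements are the supported route anyway.

```php
<?php
// Added example (not from the original post): store multi-line user text with
// bound parameters instead of escaping, and HTML-encode only at output time.
declare(strict_types=1);

// Hypothetical schema, constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE profiles (id INTEGER PRIMARY KEY, username TEXT NOT NULL, about_me TEXT NOT NULL)'
);

// Constructed inputs: a multi-line "About me" value and an injection attempt.
$aboutMe  = "Line one\r\nLine two with <b>markup</b> & a 'quote'";
$username = "alice'); DROP TABLE profiles; --";

/**
 * Insert a profile. No escaping function is applied: the driver sends the
 * values separately from the SQL text, so quotes, backslashes and newlines
 * are stored byte-for-byte as the user typed them.
 */
function saveProfile(PDO $pdo, string $username, string $aboutMe): int
{
    $stmt = $pdo->prepare('INSERT INTO profiles (username, about_me) VALUES (:u, :a)');
    $stmt->execute([':u' => $username, ':a' => $aboutMe]);
    return (int) $pdo->lastInsertId();
}

/**
 * Read a profile back by id, again with a bound parameter.
 */
function loadProfile(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT username, about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Encode for HTML at output time only. htmlspecialchars() runs first so any
 * user-supplied tags become text; nl2br() then inserts <br /> before each
 * stored newline so the line breaks still render in the page.
 */
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

$id  = saveProfile($pdo, $username, $aboutMe);
$row = loadProfile($pdo, $id);

// The injection string was stored as plain data and the table still exists.
if ($row === null || $row['username'] !== $username) {
    throw new RuntimeException('username was not stored verbatim');
}
// The CR/LF bytes survived the round trip unchanged.
if ($row['about_me'] !== $aboutMe) {
    throw new RuntimeException('about_me was altered in storage');
}

echo renderAboutMe($row['about_me']), PHP_EOL;
```

Run it with `php example.php`. The rendered output keeps the line break as a <br /> tag while the user's <b> tags and the ampersand appear as entity-encoded text. The same separation applies to every field, not just the three free-text ones: bind every user-supplied value as a parameter, and pick the output encoder (htmlspecialchars() for HTML, json_encode() for JSON, and so on) at the point where the value leaves the application.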
