SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user inputted strings go through this function;

Code:
    // Sanitises one user-supplied string before it is used in a query.
    // Note: it mixes SQL escaping and HTML encoding in a single step.
    function cleanQuery($string)
    {
        // Undo PHP's automatic magic-quotes escaping so the value is not escaped twice.
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Escape quotes, backslashes and newlines for MySQL (needs an open mysql_* connection).
        $string = mysql_real_escape_string($string);

        // Convert HTML-significant characters (<, >, &, quotes) to entities.
        $string = htmlentities($string);

        return $string;
    }
For the most part it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. An "About me" field for example: if it is run through the above function the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields that may require line breaks?

thanks.
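An added example (not the poster's code) of the approach that sidesteps both problems: pass every user value to MySQL as a bound parameter of a prepared statement, so nothing is escaped by hand and newlines are stored exactly as typed, and apply HTML encoding only at render time. The `profiles` table, its columns, the DSN and the credentials are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Uses PDO prepared statements
// instead of mysql_real_escape_string(): the parameter values travel
// separately from the SQL text, so quotes, backslashes and newlines in
// user input are never interpreted as SQL and are stored unmodified.
// Table/column names, DSN and credentials below are assumptions.

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=example;charset=utf8mb4', // assumed DSN
        'dbuser',                                               // assumed credentials
        'dbpass',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares rather than client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Store the raw "About me" text: no escaping and no htmlentities() here.
function saveAboutMe(PDO $pdo, int $userId, string $aboutMe): void
{
    $stmt = $pdo->prepare('UPDATE profiles SET about_me = :about WHERE id = :id');
    $stmt->execute([':about' => $aboutMe, ':id' => $userId]);
}

// Encode for HTML only when rendering, then turn the preserved newlines
// into <br> so the text is displayed with its line breaks intact.
function renderAboutMe(PDO $pdo, int $userId): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $text = (string) $stmt->fetchColumn();
    return nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input containing quotes, a backslash and newlines,
// i.e. exactly the characters that the escaping approach mangles.
$pdo    = connect();
$sample = "I'm a \"PHP\" developer.\nTools live in C:\\tools\nFavourite book: O'Reilly's";
saveAboutMe($pdo, 42, $sample);
echo renderAboutMe($pdo, 42);
```

The same pattern answers the first question: every user value, not just the three free-text fields, goes through a bound parameter, and output encoding is decided by where the value is displayed rather than done once on input.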
