SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:

function cleanQuery($string)
{
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string);

    $string = htmlentities($string);

    return $string;
}

For the most part, it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
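
Added example, not part of the original post: cleanQuery() applies SQL escaping and HTML encoding together at input time, whereas this sketch keeps them apart, storing the raw text through a bound parameter and HTML-encoding it only at display time, with nl2br() keeping the line breaks visible. The profiles table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Table, column and function names are
// hypothetical. In-memory SQLite stands in for MySQL so this runs offline;
// with MySQL only the DSN passed to PDO changes.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE profiles (username TEXT PRIMARY KEY, about_me TEXT)');
    return $pdo;
}

// Storage: the raw text travels as a bound parameter, never as part of the SQL
// string, so quotes and line breaks need no escaping and are stored unchanged.
function saveAboutMe(PDO $pdo, string $username, string $aboutMe): void
{
    $stmt = $pdo->prepare('INSERT INTO profiles (username, about_me) VALUES (:u, :a)');
    $stmt->execute([':u' => $username, ':a' => $aboutMe]);
}

function loadAboutMe(PDO $pdo, string $username): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $value = $stmt->fetchColumn();
    return $value === false ? '' : (string) $value;
}

// Output: HTML-encode at display time, then mark each line break with <br />.
function renderAboutMe(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: quotes, markup and Windows-style line breaks.
$input = "Hi, I'm Bob.\r\nI like <b>PHP</b> & \"MySQL\".\r\nBye!";

$pdo = openDb();
saveAboutMe($pdo, 'bob', $input);
$stored = loadAboutMe($pdo, 'bob');

var_dump($stored === $input);      // compares the stored text with the input
echo renderAboutMe($stored), "\n"; // HTML-safe text for the profile page
```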
