SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:

    function cleanQuery($string)
    {
        // Undo magic_quotes_gpc slashes, if that setting is enabled
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }

        // Escape for use inside a MySQL string literal
        $string = mysql_real_escape_string($string);

        // HTML-encode the already SQL-escaped string
        $string = htmlentities($string);

        return $string;
    }

For the most part, it's great; HOWEVER... there are three fields in which I would like the user to be able to enter spaces. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
