SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

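Code:

    function cleanQuery($string)
    {
        // Undo the slashes that magic quotes added automatically
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Escape for use inside a quoted SQL string literal
        $string = mysql_real_escape_string($string);

        // Convert HTML special characters to entities
        $string = htmlentities($string);

        return $string;
    }
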
In the most, it's great HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

thanks.
