SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

Code:
function cleanQuery($string)
{
    // Undo PHP's automatic slashes (magic_quotes_gpc) so the input is not escaped twice.
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Backslash-escape quotes, backslashes, NUL, CR and LF for use inside a MySQL string literal.
    $string = mysql_real_escape_string($string);

    // Convert characters that have HTML entity equivalents (<, >, &, quotes) before storing.
    $string = htmlentities($string);

    return $string;
}
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
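The alternative a practitioner would reach for today, as an added example that is not part of the original post: send the text to the database through a prepared statement so it is stored exactly as typed (line breaks included), and escape for HTML only at the moment of rendering. It assumes PDO with the pdo_sqlite extension so that it runs without a MySQL server; against MySQL only the DSN changes.

```php
<?php
// Added example, not the original poster's code. Assumes the pdo_sqlite extension
// so that it runs stand-alone; with MySQL only the DSN in openDb() changes.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about TEXT NOT NULL)');
    return $db;
}

// Bound parameters travel separately from the SQL text, so quotes, backslashes and
// newlines in $about are data, never syntax. No escaping function is applied here,
// which is exactly why the stored text keeps its line breaks.
function saveAbout(PDO $db, string $about): int
{
    $stmt = $db->prepare('INSERT INTO profiles (about) VALUES (:about)');
    $stmt->execute([':about' => $about]);
    return (int) $db->lastInsertId();
}

function loadAbout(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT about FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output encoding belongs in the template, not in the database: escape for the HTML
// context first, then turn the preserved line breaks into <br /> tags.
function renderAbout(string $about): string
{
    return nl2br(htmlspecialchars($about, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

$db = openDb();
// Constructed sample input: an apostrophe, a backslash, HTML and two kinds of line break.
$input = "I'm a DBA.\nI like O'Reilly books \\ and \"quotes\".\r\n<b>not bold</b>";
$id     = saveAbout($db, $input);
$stored = loadAbout($db, $id);

// Round trip is byte-for-byte identical: nothing was turned into 'r' or '\n'.
echo($stored === $input ? "stored unchanged\n" : "stored text was altered\n");
echo renderAbout($stored), PHP_EOL;
```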
