SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

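Code:
function cleanQuery($string)
{
    // Remove the slashes PHP added automatically when magic quotes are on
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }

    // Escape characters that are special inside a MySQL string literal
    $string = mysql_real_escape_string($string);

    // Convert HTML special characters to entities
    $string = htmlentities($string);

    return $string;
}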

For the most part, it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. Take an "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
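
An added example (not the poster's code) of the usual alternative to an escape-everything function like the one above: bind user input as a query parameter so line breaks are stored unchanged, and HTML-encode only when the value is displayed. It assumes PDO with the SQLite driver so that it runs offline (for MySQL only the DSN changes); the `profiles` table, the `about_me` column and the helper names are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver is available;
// table, column and function names are hypothetical.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');
    return $pdo;
}

// Storage: the value travels as a bound parameter, never as SQL text,
// so it needs no escaping and is stored byte for byte.
function saveAbout(PDO $pdo, string $about): int
{
    $stmt = $pdo->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
    $stmt->execute([':about' => $about]);
    return (int) $pdo->lastInsertId();
}

function loadAbout(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output: encode for the HTML context at display time, then turn the
// stored line breaks into <br /> tags.
function renderAbout(string $about): string
{
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: CRLF and LF line breaks, a quote, and markup.
$input = "It's me'; --\r\nSecond line\n<b>bold</b>";

$pdo    = openDb();
$id     = saveAbout($pdo, $input);
$stored = loadAbout($pdo, $id);

// The quote and the line breaks must come back exactly as submitted.
if ($stored !== $input) {
    throw new RuntimeException('Value was altered in storage');
}

echo renderAbout($stored), "\n";
```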
