SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

Code:

function cleanQuery($string)
{
    // Undo magic-quotes escaping if PHP has applied it
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape for use inside a MySQL string literal
    $string = mysql_real_escape_string($string);

    // Encode HTML special characters
    $string = htmlentities($string);

    return $string;
}

For the most part, it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with a 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
