SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user input strings go through this function:

Code: function cleanQuery($string)
{
    // Undo the backslashes magic_quotes_gpc adds automatically, so the value is not escaped twice
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape quotes, backslashes and control characters for use inside a MySQL string literal
    // (needs an open mysql_connect() link; without one it returns false)
    $string = mysql_real_escape_string($string);

    // Convert characters that have HTML entity equivalents (HTML output escaping, applied before storage)
    $string = htmlentities($string);

    return $string;
}
For the most part it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
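An added example (not from the original post) of the usual way to keep line breaks intact while still being safe against injection: send values to MySQL as bound parameters of a prepared statement instead of escaping them into the query text, and apply HTML escaping only when the value is displayed. It assumes a PDO connection and a table profiles(id INT, about_me TEXT); the DSN, credentials and table name are placeholders.

```php
<?php
// Added example, not code from the original post. Assumes PDO with the MySQL
// driver and a table `profiles(id INT, about_me TEXT)`; DSN/credentials are placeholders.

function connectDb(): PDO
{
    return new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
}

// Store the text exactly as typed. The value travels separately from the SQL,
// so quotes, backslashes and newlines in it cannot change the query. No
// mysql_real_escape_string() and no htmlentities() at this stage.
function saveAboutMe(PDO $pdo, int $userId, string $aboutMe): void
{
    // Only needed on old PHP builds where magic_quotes_gpc is still on (removed in PHP 5.4):
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $aboutMe = stripslashes($aboutMe);
    }
    $stmt = $pdo->prepare('UPDATE profiles SET about_me = :about WHERE id = :id');
    $stmt->execute([':about' => $aboutMe, ':id' => $userId]);
}

function loadAboutMe(PDO $pdo, int $userId): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    return (string) $stmt->fetchColumn();
}

// HTML escaping belongs at output time, in the page that renders the field.
// The stored newlines survive untouched and are turned into <br> here.
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed sample input containing both a quote and a line break.
$input = "I'm a developer.\nI like O'Reilly books.";
$pdo = connectDb();
saveAboutMe($pdo, 42, $input);
echo renderAboutMe(loadAboutMe($pdo, 42));
```

The same split applies to every user-supplied value: bind it for SQL, escape it for HTML (or for whatever other context it ends up in) at the point of use rather than once on the way in.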

No comments posted yet
