SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user inputted strings go through this function;

Code:
function cleanQuery($string)
{
    // Undo the escaping added by magic_quotes_gpc so the value is not escaped twice
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // Escape for use inside a quoted SQL string literal (requires an open mysql_* connection)
    $string = mysql_real_escape_string($string);

    // Encode HTML special characters (output encoding applied at input time)
    $string = htmlentities($string);

    return $string;
}
For the most part, it's great. HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

thanks.
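An added example, not from the original post, showing the approach a defender would take for both questions: send every value through a prepared statement (the data travels separately from the SQL, so no escaping function rewrites it and line breaks survive), and encode for HTML only when rendering. It assumes a `mysqli` connection and a table `profiles` with columns `user_id` and `about_me`; those names and the credentials are placeholders.

```php
<?php
// Added example (not the poster's code). Assumes a table `profiles`
// with columns `user_id` INT and `about_me` TEXT; names are placeholders.

// Store the raw text with a prepared statement. The value is bound as a
// parameter, so it never becomes part of the SQL text: no escaping is needed
// and embedded newlines reach the database unchanged.
function saveAboutMe(mysqli $db, int $userId, string $aboutMe): bool
{
    $stmt = $db->prepare('UPDATE profiles SET about_me = ? WHERE user_id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('si', $aboutMe, $userId); // 's' = string, 'i' = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Encode for HTML at output time only, then turn stored newlines into <br>.
// Storing already-encoded HTML in the database mixes up the two contexts.
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'appdb'); // placeholder credentials
$db->set_charset('utf8mb4'); // connection charset must match the data you bind

saveAboutMe($db, 42, $_POST['about_me'] ?? '');

// Constructed sample input: a newline, a quote and HTML metacharacters
echo renderAboutMe("Line one\nO'Reilly & <co>");
```

The same `saveAboutMe` pattern applies to every user-supplied value, not just the three free-text fields, which answers the first question as well.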
