SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

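Code:
function cleanQuery($string)
{
    // Undo the slashes added by magic quotes, if that setting is enabled
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape special characters for use inside an SQL string literal
    $string = mysql_real_escape_string($string);

    // Convert characters to their HTML entities
    $string = htmlentities($string);

    return $string;
}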
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
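
An added example, not part of the original post: a free-text field with line breaks stored through a prepared statement, with HTML encoding applied only when the value is displayed. The table `profiles`, the column `about_me` and the three helper functions are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; all table, column and function names are hypothetical.
// PDO with in-memory SQLite is used so the script is self-contained; the same
// prepare()/execute() calls apply when the DSN points at MySQL.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');

// Storage: the value is bound as a parameter and never spliced into the SQL
// text, so no escaping function touches it and line breaks survive unchanged.
function saveAboutMe(PDO $pdo, int $id, string $aboutMe): void
{
    $stmt = $pdo->prepare('INSERT INTO profiles (id, about_me) VALUES (:id, :about_me)');
    $stmt->execute([':id' => $id, ':about_me' => $aboutMe]);
}

function loadAboutMe(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output: encode for HTML at display time, then turn line breaks into <br />.
function renderAboutMe(string $aboutMe): string
{
    return nl2br(htmlspecialchars($aboutMe, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input containing line breaks, an apostrophe and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b> & MySQL.\r\nThanks for reading!";

saveAboutMe($pdo, 1, $input);
$stored = loadAboutMe($pdo, 1);

// Compare what came back from the database with what was typed.
var_dump($stored === $input);

// The encoded form exists only in the page output, not in the database.
echo renderAboutMe($stored), "\n";
```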
