SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:
function cleanQuery($string)
{
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string);

    $string = htmlentities($string);

    return $string;
}
For the most part, it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
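
One way to address both questions, as an added example that is not part of the original post: pass the value to the database as a bound parameter instead of escaping it, and apply HTML encoding and line-break conversion only when the text is written into a page. The table and column names are hypothetical, and in-memory SQLite via PDO is assumed so the block runs offline; the same prepare/execute calls apply with a PDO MySQL connection.

```php
<?php
// Added example, not the poster's code. Table and column names are hypothetical.
// In-memory SQLite keeps it runnable offline; with MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');

// Store the raw text. The bound parameter travels separately from the SQL
// text, so quotes and line breaks need no escaping and are kept as typed.
function saveAbout(PDO $pdo, string $about): int
{
    $stmt = $pdo->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
    $stmt->execute([':about' => $about]);
    return (int) $pdo->lastInsertId();
}

function loadAbout(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML-encode only when writing into a page, then turn line breaks into <br>.
function renderAbout(string $about): string
{
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: CRLF line breaks, a quote-based injection attempt
// and a script tag.
$input = "Hi, I'm Sam.\r\nx'); DROP TABLE profiles; --\r\n<script>alert(1)</script>";

$id     = saveAbout($pdo, $input);
$stored = loadAbout($pdo, $id);

var_dump($stored === $input);   // checks the text round-tripped unchanged, line breaks included
echo renderAbout($stored), "\n";
```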
