SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

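Code:
function cleanQuery($string)
{
    // Undo magic-quotes escaping if the server applied it
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape for use inside a MySQL string literal
    $string = mysql_real_escape_string($string);

    // Encode HTML special characters (done here before storage)
    $string = htmlentities($string);

    return $string;
}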
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
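
Added example, not part of the original post: one common way to keep line breaks in an "About me" field is to bind the raw text as a parameter of a prepared statement and apply HTML encoding only when the value is displayed. The helper names, table and sample input are constructed, and an in-memory SQLite database via PDO is assumed so the script runs offline; for MySQL only the DSN changes.

```php
<?php
// Added example. SQLite in memory is an assumption so this runs offline;
// for MySQL use a DSN such as 'mysql:host=HOST;dbname=DB;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT NOT NULL)');

// Hypothetical helper: store the text exactly as typed. The value travels
// as a bound parameter, so it is never parsed as part of the SQL statement
// and needs no manual escaping.
function saveAboutMe(PDO $pdo, string $text): int
{
    $stmt = $pdo->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
    $stmt->execute([':about' => $text]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read the stored text back unchanged.
function loadAboutMe(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Hypothetical helper: encode for HTML at output time only, then turn the
// stored line breaks into <br> tags for display.
function renderAboutMe(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: CRLF line breaks, an apostrophe and HTML markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b>.\r\nSee you around!";

$id     = saveAboutMe($pdo, $input);
$stored = loadAboutMe($pdo, $id);

// The database returns the same bytes that went in, line breaks included.
var_dump($stored === $input);

// The markup is shown as text and each line break becomes <br>.
echo renderAboutMe($stored), "\n";
```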
