SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from mySQL injection I have created another problem for myself....

Currently all user inputted strings go through this function;

Code: function cleanQuery($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);

$string = htmlentities($string);

return $string;
}
In the most, its great HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field for example, if it is run through the above function the new lines are replaced with a 'r' which i assume is "created" by the mysql_real_escape.

Question;

1) Should i run the function on every user variable?
2) Is there a safe "fix" or something alternative which i can run on the three fields which may require line breaks.

thanks.

No comments posted yet

Your Answer:

Login to answer
162 Like 9 Dislike
Previous forums Next forums
Other forums

get multiple rows
Hi I want to get multiple rows from a db

I am using this for the db query
Code: public

Unable to customise toolbar in FCK
question about n
I was looking at some of the things you could do with php and one of the things I have tried is n.<

Placing and array within an array then sorting it!
I have a page that runs two large mysql queries and saves the results into arrays, in php I then per

Format timestamp from mysql
When I tried this:
Code: date("m/d/Y H:i A", $row['timestamp'])
I got 12/31/1969 18:

Read from a text file after a specific word
Hi all.

I have a text file that looks like the one below.
I know how to open the text fi

HTML form problem
Ive made a form to that i want to send to my email via PHP. but when it send only the name's etc sen

Parse error: syntax error, unexpected T_ELSEIF in /home/......html/item.php on l
I do not know what is wrong with this. Hope some one can help. I do nto want to post the entire site

PHP switch function help
Hi, I am trying to create a search function for a directory website. On the search function on html

PHP referral database. I would like this form to email the referrer.
Okay, Hello I've been trolling for years. This the first time I've ever asked for php help. Normally

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash