SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from mySQL injection I have created another problem for myself....

Currently all user inputted strings go through this function;

Code: function cleanQuery($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);

$string = htmlentities($string);

return $string;
}
In the most, its great HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field for example, if it is run through the above function the new lines are replaced with a 'r' which i assume is "created" by the mysql_real_escape.

Question;

1) Should i run the function on every user variable?
2) Is there a safe "fix" or something alternative which i can run on the three fields which may require line breaks.

thanks.

No comments posted yet

Your Answer:

Login to answer
162 Like 9 Dislike
Previous forums Next forums
Other forums

MII Netweaver Server stopped due to CPIC connection Problem
Dear Experts,
We have SAP XMII 12.0 setup running on Netweaver 2004s,7.0, Java Stack only.

background color imagefill
Hello

I would like to ask you why I see this square in red color just in my local xampp insta

Need help: how to catch acess of undefined class properties
Hello. I am learning OO with PHP and have hit a problem.
Some code runs as perfectly valid code,

Problem with Subscreen
Dear Experts ,
I am facing a problem with the subscreens. My senario is as follows :

strtotime issue
Hey all,

I'm playing around with some code, and basically the idea is:

Person changes

Need help in Generating Combinations
Need help generating all possible combination of names in an array

Lets say i have the follow

Random date selection
i want to select random date with time(hour+minutes+sec) where date is specified(10/22/2009) and tim

batch file not building to webapps folder
Hello. I just started running Vista :P and can't seem to get my projects deployed. I found out how

Extracting URL pointer within XML tag
Hi.

I'm trying to extract text between two quotation marks in XML. For example, I want to ex

cURL and Sessions
Ohai.

So, I'm trying to cURL a bunch of things off of a page, and put them into a session. I'

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash