SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself...

Currently all user-inputted strings go through this function:

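Code:
function cleanQuery($string)
{
    // Undo the slashes added by magic_quotes_gpc, if that setting is on
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }

    // Escape the value for use inside a MySQL string literal
    $string = mysql_real_escape_string($string);

    // Convert HTML special characters to entities
    $string = htmlentities($string);

    return $string;
}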
For the most part it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
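
One way to keep line breaks in a field like "About me" while keeping the query safe, as an added example that is not part of the original post: bind the value as a query parameter instead of escaping it, and HTML-encode only when the text is displayed. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection; the table, column and function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL; table, column and function names
// are hypothetical.

function saveAbout(PDO $db, string $about): int
{
    // Bound parameter: the value travels as data, so no escaping function
    // touches it and the CR/LF bytes are stored unchanged.
    $stmt = $db->prepare('INSERT INTO profiles (about) VALUES (:about)');
    $stmt->execute([':about' => $about]);
    return (int) $db->lastInsertId();
}

function loadAbout(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT about FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

function renderAbout(string $about): string
{
    // HTML-encode at output time only, then mark each line break with <br />.
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about TEXT)');

// Constructed sample input: Windows line breaks, an apostrophe and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b>.\r\nThanks for reading.";

$id     = saveAbout($db, $input);
$stored = loadAbout($db, $id);

// Compare what came back from the database with what was submitted.
var_dump($stored === $input);

// Print the HTML-safe version intended for the profile page.
echo renderAbout($stored), PHP_EOL;
```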
