SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from mySQL injection I have created another problem for myself....

Currently all user inputted strings go through this function;

Code: function cleanQuery($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);

$string = htmlentities($string);

return $string;
}
In the most, its great HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field for example, if it is run through the above function the new lines are replaced with a 'r' which i assume is "created" by the mysql_real_escape.

Question;

1) Should i run the function on every user variable?
2) Is there a safe "fix" or something alternative which i can run on the three fields which may require line breaks.

thanks.

No comments posted yet

Your Answer:

Login to answer
162 Like 9 Dislike
Previous forums Next forums
Other forums

get multiple rows
Hi I want to get multiple rows from a db

I am using this for the db query
Code: public

PHP page loading in Firefox but not in IE
hello,

i am currently doing a project in PHP and i have a problem. If I view the project in M

To add a field on the screen XK02.
Hi All,

How to add an additional field in the vendor change control screen XK02.
The

Legal Issues for SAP ERP o ERP in general
Hi experts,

Can someone please help me finding some documentation about legal issues tha

Casting Decimals in Oracle
This code worked as a query in DB2, but I am not sure what the syntax is for casting decimals in Ora

Sharing PHP Sessions Across Domains
I am in the process of writing a script to share a php session across various domains I have.
The

Recode Abap Dynpro into Web Dynpro
Hi All,
A client has asked us to look at rearchitecting a custom transaction that was developed

Using insert variable
need a way to inert variable data to mysql database

$acc = "212121212";
$nok =

Help with email validation please...
Hi,
Please could you help.
I have a register.php login page where users register, the detail

Problem with DB connection
Hello there! I'm new to this forum and I'm new to PHP coding also. I wrote something that doesn't ma

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash