SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

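Code:

function cleanQuery($string)
{
    // Undo the slashes added by magic quotes, if that setting is on
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }

    // Escape for use inside a MySQL string literal (this also escapes \r and \n)
    $string = mysql_real_escape_string($string);

    // Convert HTML special characters to entities
    $string = htmlentities($string);

    return $string;
}
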
For the most part, it's great. HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with a 'r', which I assume is "created" by the mysql_real_escape.

Question:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

Thanks.
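
An added example, not part of the original post: one way to keep line breaks in a field such as "About me" is to bind the value as a query parameter instead of escaping it, and to HTML-encode the text only when it is displayed. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table, column and function names and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the MySQL connection; table/column names and sample input are constructed.

function saveAbout(PDO $db, int $userId, string $about): void
{
    // Bound parameter: the value never becomes part of the SQL text, so quotes
    // and line breaks are stored byte for byte with no escaping function.
    $stmt = $db->prepare('INSERT INTO profiles (user_id, about) VALUES (:id, :about)');
    $stmt->execute([':id' => $userId, ':about' => $about]);
}

function loadAbout(PDO $db, int $userId): ?string
{
    $stmt = $db->prepare('SELECT about FROM profiles WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

function renderAbout(string $about): string
{
    // HTML-encode at output time, then turn line breaks into <br> tags.
    // Order matters: calling nl2br() first would get its <br> tags encoded.
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, about TEXT)');

// Constructed input: CRLF line breaks, a quote, SQL-looking text and markup.
$input = "Hi, I'm Sam.\r\nI like '); DROP TABLE profiles; --\r\n<b>and bold text</b>";

saveAbout($db, 1, $input);
$stored = loadAbout($db, 1);

// Round-trip check: compare what was stored with what was submitted.
var_dump($stored === $input);

// Markup is shown as text and each line break becomes a <br> tag.
echo renderAbout($stored), "\n";
```

The database keeps the raw text, so the same stored value can be encoded differently for other outputs (HTML, plain-text e-mail, JSON) without undoing an earlier transformation.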
