SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:

    function cleanQuery($string)
    {
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        $string = mysql_real_escape_string($string);

        $string = htmlentities($string);

        return $string;
    }

For the most part, it's great; HOWEVER... there are three fields in which I would like the user to be able to enter spaces. Take an "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Questions:

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
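
An added example, not part of the original post: one way to keep line breaks intact is to bind the value in a prepared statement, so no string escaping happens on the way in, and to apply HTML encoding only when the text is displayed. The in-memory SQLite database reached through PDO, the `profiles` table, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example: the table, column and function names and the sample input
// are constructed. An in-memory SQLite database is used through PDO so the
// script runs without a server; prepare()/execute() work the same way with
// a MySQL DSN.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');

// Store the text exactly as typed. The bound parameter travels as data,
// so quotes and line breaks need no escaping and cannot alter the statement.
function saveAboutMe(PDO $pdo, string $text): int
{
    $stmt = $pdo->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
    $stmt->execute([':about' => $text]);
    return (int) $pdo->lastInsertId();
}

// Read the stored text back, again with a bound parameter.
function loadAboutMe(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML-encode only at output time, then turn line breaks into <br> tags.
function renderAboutMe(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed "About me" input: CRLF line breaks, an apostrophe and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b> & MySQL.\r\nThanks for reading.";

$id     = saveAboutMe($pdo, $input);
$stored = loadAboutMe($pdo, $id);

// Compare what came back from the database with what was submitted.
var_dump($stored === $input);

// Encoded for the page: markup is neutralised, line breaks are kept.
echo renderAboutMe($stored), "\n";
```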
