SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

Code:
function cleanQuery($string)
{
    // Undo the automatic backslashes PHP adds when magic_quotes_gpc is on,
    // so the value is not escaped twice below.
    if (get_magic_quotes_gpc())
    {
        $string = stripslashes($string);
    }
    // Escape characters that are special in a MySQL string literal
    // (quotes, backslash, NUL, \n, \r, Ctrl-Z).
    $string = mysql_real_escape_string($string);

    // Convert characters with an HTML meaning (<, >, &, quotes) to entities.
    $string = htmlentities($string);

    return $string;
}
For the most part, it's great, HOWEVER... there are three fields which I would like the user to be able to enter spaces in. An "About me" field, for example: if it is run through the above function, the new lines are replaced with an 'r', which I assume is "created" by mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or something alternative which I can run on the three fields which may require line breaks?

thanks.

No comments posted yet
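As an added example (not from the original post or its author), the way a practitioner would approach both questions today: bind every user value as a query parameter with PDO instead of escaping it into the SQL string, store the text exactly as typed (line breaks included), and do HTML escaping once, at output time. The script uses an in-memory SQLite database so it runs offline and needs only the pdo_sqlite extension; the table name "profiles", the column "about_me" and the helper renderAboutMe() are assumptions made for this demo, and the sample input is constructed. The old mysql_* extension used in the post was removed in PHP 7, so PDO (or mysqli) is the replacement in any case.

```php
<?php
// Added example, not the poster's code. Parameterised queries keep data and SQL
// separate, so no escaping of user input is needed for the query itself.
// Table "profiles" and column "about_me" are assumptions for this demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, about_me TEXT)');

// Constructed sample input: a quote, a SQL comment sequence, HTML tags and
// both kinds of line break, i.e. the characters the original function mangles.
$aboutMe = "I'm a <b>PHP</b> developer.\r\nLine two'; DROP TABLE profiles; --\nLine three";

// 1) Store: the value is bound as a parameter, never interpreted as SQL.
//    Every user-supplied value goes through a placeholder like this one.
$insert = $pdo->prepare('INSERT INTO profiles (about_me) VALUES (:about)');
$insert->execute([':about' => $aboutMe]);

// 2) Read back: the text is stored byte-for-byte, line breaks intact.
$select = $pdo->prepare('SELECT about_me FROM profiles WHERE id = :id');
$select->execute([':id' => 1]);
$stored = $select->fetchColumn();
var_dump($stored === $aboutMe);

// 3) Output: escape for HTML at display time, then turn line breaks into <br />.
//    This is the only place HTML escaping belongs; storing htmlentities()
//    output would double-encode the text when it is edited or shown elsewhere.
function renderAboutMe(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

echo renderAboutMe($stored), "\n";
```

Run it with `php example.php`: the var_dump shows the round trip is lossless, and the rendered output shows the quote, the `--` and the `<b>` tag arriving in the browser as inert text with the line breaks preserved as `<br />`. The answer to "should I run the function on every variable" becomes "bind every variable"; the answer to "is there a safe fix for the line-break fields" is that nothing special is needed for them once escaping is no longer applied to the stored data.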
