SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

In my attempts to protect my database from MySQL injection I have created another problem for myself....

Currently all user-inputted strings go through this function:

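Code:

    function cleanQuery($string)
    {
        // Undo the slashes added automatically when magic quotes are enabled
        if (get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Escape characters that are special inside a MySQL string literal
        // (quotes, backslashes, and the \r and \n line-break characters)
        $string = mysql_real_escape_string($string);

        // Convert HTML special characters to entities
        $string = htmlentities($string);

        return $string;
    }
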
For the most part, it's great, HOWEVER... there are three fields in which I would like the user to be able to enter spaces. An "About me" field, for example: if it is run through the above function the new lines are replaced with an 'r', which I assume is "created" by the mysql_real_escape.

Question;

1) Should I run the function on every user variable?
2) Is there a safe "fix" or some alternative which I can run on the three fields which may require line breaks?

Thanks.
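
An added example, not part of the original post, of one common alternative to the cleanQuery() approach: bind the value with a prepared statement so line breaks and quotes are stored unchanged, and HTML-encode only when the text is displayed. It assumes PDO with an in-memory SQLite database (the pdo_sqlite extension) and a hypothetical profiles table; the function names are illustrative.

```php
<?php
// Added example: parameterized storage plus output-time encoding.
// Assumptions: PDO with pdo_sqlite, hypothetical "profiles" table.

function saveAbout(PDO $db, int $userId, string $about): void
{
    // Normalize line endings only; no SQL escaping or entity-encoding before storage.
    $about = str_replace(["\r\n", "\r"], "\n", $about);
    // The value is bound as data, so quotes and newlines cannot alter the SQL text.
    $stmt = $db->prepare('INSERT INTO profiles (user_id, about) VALUES (:id, :about)');
    $stmt->execute([':id' => $userId, ':about' => $about]);
}

function loadAbout(PDO $db, int $userId): ?string
{
    $stmt = $db->prepare('SELECT about FROM profiles WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

function renderAbout(string $about): string
{
    // Encode for the HTML context first, then turn newlines into <br> tags.
    return nl2br(htmlspecialchars($about, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, about TEXT)');

// Constructed sample input: Windows line breaks, a single quote, and markup.
$input = "Hi, I'm Sam.\r\nI like <b>PHP</b>.\r\nThanks for reading!";
saveAbout($db, 1, $input);

$stored = loadAbout($db, 1);
// The stored text must equal the input apart from normalized line endings.
if ($stored !== str_replace("\r\n", "\n", $input)) {
    throw new RuntimeException('Stored value was altered');
}
echo renderAbout($stored), "\n";
```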
