runnerjp Posted November 11, 2008 Share Posted November 11, 2008 is there like a function i could make that would atuomaticly strip slashes ect on any post or get made? Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/ Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 <?php $_POST = array_map('stripslashes', $_POST); $_GET = array_map('stripslashes', $_GET); ?> Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687669 Share on other sites More sharing options...
Mchl Posted November 11, 2008 Share Posted November 11, 2008 $_REQUEST = array_map('stripslashes', $_REQUEST); $_REQUEST is $_POST and $_GET combined. Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687674 Share on other sites More sharing options...
runnerjp Posted November 11, 2008 Author Share Posted November 11, 2008 cheers guys... what other things then stripslashes would you recomend using to prevent sql injections... Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687682 Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 mysql_real_escape_string();? Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687683 Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 $_REQUEST = array_map('stripslashes', $_REQUEST); $_REQUEST is $_POST and $_GET combined. That will however have no affect on the $_POST or $_GET arrays. Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687687 Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 cheers guys... what other things then stripslashes would you recomend using to prevent sql injections... Stripslashes will not prevent sql injection. Your data needs to be properly escaped and personally, I find it better to do this on a case by case basis rather than in some catch all. Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687688 Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 Unless he is using $_REQUEST instead of using $_POST and $_GET, but it is unadvised as it is a security risk i believe. Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687690 Share on other sites More sharing options...
Mchl Posted November 11, 2008 Share Posted November 11, 2008 Unless he is using $_REQUEST instead of using $_POST and $_GET, but it is unadvised as it is a security risk i believe. That will however have no affect on the $_POST or $_GET arrays. Both right. Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687697 Share on other sites More sharing options...
runnerjp Posted November 11, 2008 Author Share Posted November 11, 2008 so rather then add a function to do it just do it all manually will be safer! Link to comment https://forums.phpfreaks.com/topic/132273-strip-slashes-msql-real-escape-function/#findComment-687718 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.