runnerjp Posted November 11, 2008 Share Posted November 11, 2008 is there like a function i could make that would atuomaticly strip slashes ect on any post or get made? Quote Link to comment Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 <?php $_POST = array_map('stripslashes', $_POST); $_GET = array_map('stripslashes', $_GET); ?> Quote Link to comment Share on other sites More sharing options...
Mchl Posted November 11, 2008 Share Posted November 11, 2008 $_REQUEST = array_map('stripslashes', $_REQUEST); $_REQUEST is $_POST and $_GET combined. Quote Link to comment Share on other sites More sharing options...
runnerjp Posted November 11, 2008 Author Share Posted November 11, 2008 cheers guys... what other things then stripslashes would you recomend using to prevent sql injections... Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 mysql_real_escape_string();? Quote Link to comment Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 $_REQUEST = array_map('stripslashes', $_REQUEST); $_REQUEST is $_POST and $_GET combined. That will however have no affect on the $_POST or $_GET arrays. Quote Link to comment Share on other sites More sharing options...
trq Posted November 11, 2008 Share Posted November 11, 2008 cheers guys... what other things then stripslashes would you recomend using to prevent sql injections... Stripslashes will not prevent sql injection. Your data needs to be properly escaped and personally, I find it better to do this on a case by case basis rather than in some catch all. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 Unless he is using $_REQUEST instead of using $_POST and $_GET, but it is unadvised as it is a security risk i believe. Quote Link to comment Share on other sites More sharing options...
Mchl Posted November 11, 2008 Share Posted November 11, 2008 Unless he is using $_REQUEST instead of using $_POST and $_GET, but it is unadvised as it is a security risk i believe. That will however have no affect on the $_POST or $_GET arrays. Both right. Quote Link to comment Share on other sites More sharing options...
runnerjp Posted November 11, 2008 Author Share Posted November 11, 2008 so rather then add a function to do it just do it all manually will be safer! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.