Testing and suggestions needed [social network]

[studgate]

this is getting ridiculous so I put the site down until I can a solution to the

problems, the leaking, the url exposure, and all the other query problems.

[darkfreaks]

Try this:

 

<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
if (get_magic_quotes_gpc()) {
function clean_post_var($var){
      $var=mysql_real_escape_string(trim(strip_tags($var)));
      $var=htmlspecialchars($var,ENT_QUOTES);
      return htmlspecialchars($var); //PHP 4 Version
                 return filter_var($var,FILTER_SANITIZE_STRING);//PHP5 Version
               
}

$_POST = array_map('clean_post_var', $_POST);
    $_GET = array_map('clean_post_var', $_GET);
    $_COOKIE = array_map('clean_post_var', $_COOKIE);
    $_REQUEST = array_map('clean_post_var', $_REQUEST);
}
?>

 

 

[darkfreaks]

Unsafe Variables: option_id, poll_id,x_FirstName,x_LastName,x_charity,

x_username,check,x_password,c_password,

x_email,x_Gender,x_relationshipstatus,x_BirthDate,

x_Bio,x_Sport[],x_FavoriteTeam,x_Photo,x_interests[]

x_height,x_T2DShirtSize,s_x_T2DShirtSize,lc_x_T2DShirtSize

ld1_x_T2DShirtSize,ld2_x_T2DShirtSize,lft_x_T2DShirtSize

x_skilllevel,x_school,x_job,x_freeagent,x_freeagentsport[],

x_HomePhone,x_CellPhone,x_Address,x_City,

x_State,s_x_State,lc_x_State,ld1_x_State,

ld2_x_State,lft_x_State,x_ZipCode,x_automatic,

ipaddress,btnAction

 

[studgate]

any sql injection or xss problems??

let me know.

[darkfreaks]

that above is all unsafe SQL injection, you need to fix those variables.