Jump to content

Recommended Posts

im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.

 

I have roughly 30 files. I want to be able to edit every $_POST and $_GET

 

$value=$_POST['value'];
$value=$_GET['value'];

 

my instinct would be to edit every file and do it manually

 

$value=$_POST['value'];
$value=mysql_real_escape_string($value)


$value=$_GET['value'];
$value=mysql_real_escape_string($value)

 

but if there was a faster way it would make my life easier. What I would like to do is to maybe create a function i can put at the top of every page or into my global.php which is included into every page that would do something like this

 

 
if (get_magic_quotes_gpc()) {

       $value = stripslashes($value);
   }else{
     $value=mysql_real_escape_string($value)

   }

 

i dont intend to have magic quotes on, but other people might on there servers.

 

I just need every $_POST or $_GET within my script to be automaticly cleaned or filtered from SQL Injections

 

I saw something a long time ago where it was something they put at the top of there page, this will be completely wrong, but i will give u an example of what it looked like

 

$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map('mysql_real_escape_string', $_REQUEST);

 

im not to sure how that goes about effecting everything, where to put it, etc

 

Any ideas or suggestions? Or am I stuck doing it manually.

please dont kill me. I found the tutorial I referenced

 

 

if(!get_magic_quotes_gpc())

{

  $_GET = array_map('mysql_real_escape_string', $_GET); 

  $_POST = array_map('mysql_real_escape_string', $_POST); 

  $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);

}

else

{  

   $_GET = array_map('stripslashes', $_GET); 

   $_POST = array_map('stripslashes', $_POST); 

   $_COOKIE = array_map('stripslashes', $_COOKIE);

   $_GET = array_map('mysql_real_escape_string', $_GET); 

   $_POST = array_map('mysql_real_escape_string', $_POST); 

   $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);

}

 

 

From my understanding I could put this in my global.php which is already included into everyfile, or i could make another file say "trimit.php" and include in every file, and as long as it is at the top of the page (after the db connection config file) then it will automaticly clean the data?

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.