
PHP SQL Injection


eddy556


I have created a function, which secures everything

[code]
<?php
// Trim, strip tags and escape a string for use inside a quoted SQL value.
// Needs an open MySQL connection, because mysql_real_escape_string() uses it.
function MakeSafe($str, $make_lower = false){
    if($make_lower){
        $str = strtolower($str);
    }
    $str = stripslashes($str);
    $str = trim($str);
    $str = strip_tags($str);
    $str = mysql_real_escape_string($str);
    return $str;
}

$username = MakeSafe($_POST["username"], 1);
// This makes the username safe, and lowercase

$sometextfield = MakeSafe($_POST["sometextfield"]);
// This makes sometextfield safe, but keeping the original Caps
?>
[/code]

Just as a notice to mysql_real_escape_string()
It won't work unless you have an open db connection at the time it's called.

so this won't work
[code]
<?php

$string = mysql_real_escape_string($string);

mysql_connect($host, $user, $password);

?>
[/code]

but this works:
[code]
<?php

mysql_connect($host, $user, $password);

$string = mysql_real_escape_string($string);

?>
[/code]

This is what I use for SQL injection..

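[code]
<?php
// Strip "%" and "--", escape for MySQL, then HTML-encode the result.
function protect($input)
{
    // Literal replacements, so str_replace() rather than the regex-based eregi_replace()
    $input = str_replace("%", "", $input);
    $input = str_replace("--", "", $input);
    // Escape only once: a second pass would escape the backslashes added by the first
    $input = htmlspecialchars(mysql_real_escape_string($input));

    return $input;
}

$_COOKIE = array_map("protect", $_COOKIE);
// array_map() returns a new array, so the result has to be assigned back
$_POST = array_map('mysql_real_escape_string', $_POST);
$_GET = array_map('mysql_real_escape_string', $_GET);

?>
[/code]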

(the DB connection is above, but, I just took out this part.. and put in the php tags so it's less on the eyes)
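An alternative to the escape-and-concatenate helpers posted above, as an added example that is not part of any post in this thread: values are bound as parameters, so nothing has to be stripped or escaped on input, and HTML encoding is applied only on output. It uses PDO prepared statements with an in-memory SQLite database in place of the thread's `mysql_*` functions; the `users` table, `normalise_username()` and the sample input are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table, columns and helper are made up.
// In-memory SQLite stands in for the MySQL connection so the script runs offline;
// the same prepare()/execute() calls work with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT)');

// Normalise only what the application wants changed (case, outer whitespace).
// No escaping and no tag stripping happens on the way in.
function normalise_username(string $raw): string
{
    return strtolower(trim($raw));
}

// Constructed sample input standing in for $_POST.
$post = [
    'username' => "  O'Brien ",
    'bio'      => 'Saves 50% -- likes <b>bold</b> & "quotes"',
];

// Placeholders keep the SQL text constant; the values travel separately from it.
$insert = $db->prepare('INSERT INTO users (username, bio) VALUES (:username, :bio)');
$insert->execute([
    ':username' => normalise_username($post['username']),
    ':bio'      => $post['bio'],
]);

// Numeric values are bound with an explicit type instead of being quoted.
$select = $db->prepare('SELECT username, bio FROM users WHERE id = :id');
$select->bindValue(':id', (int) $db->lastInsertId(), PDO::PARAM_INT);
$select->execute();
$row = $select->fetch(PDO::FETCH_ASSOC);

// The stored data is exactly what was submitted: quote, "%" and "--" included.
var_dump($row['username'] === "o'brien");
var_dump($row['bio'] === $post['bio']);

// HTML encoding belongs where the value is written into a page, not before storage.
echo htmlspecialchars($row['bio'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```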
