chantown Posted September 18, 2007 Share Posted September 18, 2007 Is there a way to automatically do this? I don't want to apply mysql_real_escape_string to every query Quote Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/ Share on other sites More sharing options...
darkfreaks Posted September 18, 2007 Share Posted September 18, 2007 nope Quote Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350324 Share on other sites More sharing options...
cooldude832 Posted September 18, 2007 Share Posted September 18, 2007 Yes there is, but you have to build it. When you run a query rewrite it so that you have your own function query that applies injection protection so instead of mysql_query("Query String"); do query("Query String") and query is a custom function that applies injection protection in it to the string and so forth. Quote Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350327 Share on other sites More sharing options...
corbin Posted September 18, 2007 Share Posted September 18, 2007 To extend on cooldudes's post: function CustomQuery() { $args = func_get_args(); $query = array_shift($args); foreach($args as $k => $v) { $args[$k] = mysql_real_escape_string($v); } return vsprintf($query, $args); } It's been a while since I've used func_get_args, so that syntax might be on crack, but hopefully it shows the general idea.... Quote Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350337 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.