chantown Posted September 18, 2007 Share Posted September 18, 2007 Is there a way to automatically do this? I don't want to apply mysql_real_escape_string to every query Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/ Share on other sites More sharing options...
darkfreaks Posted September 18, 2007 Share Posted September 18, 2007 nope Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350324 Share on other sites More sharing options...
cooldude832 Posted September 18, 2007 Share Posted September 18, 2007 Yes there is, but you have to build it. When you run a query rewrite it so that you have your own function query that applies injection protection so instead of mysql_query("Query String"); do query("Query String") and query is a custom function that applies injection protection in it to the string and so forth. Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350327 Share on other sites More sharing options...
corbin Posted September 18, 2007 Share Posted September 18, 2007 To extend on cooldudes's post: function CustomQuery() { $args = func_get_args(); $query = array_shift($args); foreach($args as $k => $v) { $args[$k] = mysql_real_escape_string($v); } return vsprintf($query, $args); } It's been a while since I've used func_get_args, so that syntax might be on crack, but hopefully it shows the general idea.... Link to comment https://forums.phpfreaks.com/topic/69712-automatic-mysql-injection-protection/#findComment-350337 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.