Jump to content

Automatic mysql injection protection


chantown

Recommended Posts

Yes there is, but you have to build it.  When you run a query rewrite it so that you have your own function query that applies injection protection

so instead of

mysql_query("Query String");

do

query("Query String")

 

and query is a custom function that applies injection protection in it to the string and so forth. 

To extend on cooldudes's post:

 

function CustomQuery() {
     $args = func_get_args();
     $query = array_shift($args);
     foreach($args as $k => $v) {
          $args[$k] = mysql_real_escape_string($v);
     }
     return vsprintf($query, $args);
}

 

It's been a while since I've used func_get_args, so that syntax might be on crack, but hopefully it shows the general idea....

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.