Old 09-20-2010, 01:33 PM  
Tempest
Yes, that will help. However, all the values should be validated if you want to stop all potential issues, as it will also depend on how the SQL statements are done.

You want to do something like this on the post values. And I think it needs to be done after you're connected to the database for mysql_real_escape_string to work.

Code:
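// Needs an open MySQL connection: mysql_real_escape_string() uses it for the charset.
foreach($_POST as $key => $val){
	if( is_array($val) ){
		// Iterate by key so non-sequential or string keys are covered too.
		foreach($val as $i => $item){
			$_POST[$key][$i] = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($item) : $item);
		}
	}else{
		// Undo magic quotes first so the value is not escaped twice.
		$_POST[$key] = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($val) : $val);
	}
}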
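An added example, not part of the post above: one way to validate every expected value by type and keep the query independent of escaping, using PDO prepared statements instead of the `mysql_*` functions. The field names, rules, table and in-memory SQLite database are assumptions made so the sketch runs without a server.

```php
<?php
// Added example: field names, rules and sample input are hypothetical/constructed.
// Each rule returns the validated value, or false to reject it.
$rules = [
    'id'    => fn($v) => filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]),
    'email' => fn($v) => filter_var($v, FILTER_VALIDATE_EMAIL),
    'name'  => fn($v) => preg_match('/\A[\p{L}\p{N} .\'-]{1,64}\z/u', $v) === 1 ? $v : false,
];

// Returns only the expected fields; anything else in $post is dropped.
function validate_post(array $post, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $check) {
        $raw = $post[$field] ?? null;
        // Arrays and missing fields are rejected rather than escaped element by element.
        $value = is_string($raw) ? $check($raw) : false;
        if ($value === false) {
            throw new InvalidArgumentException("rejected field: $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed sample request.
$post  = ['id' => '42', 'email' => 'user@example.com', 'name' => "O'Brien", 'extra' => 'x'];
$clean = validate_post($post, $rules);

// Values are bound as parameters, so quoting in the statement no longer matters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');
$db->prepare('INSERT INTO users (id, email, name) VALUES (:id, :email, :name)')
   ->execute($clean);
var_dump($db->query('SELECT * FROM users')->fetchAll(PDO::FETCH_ASSOC));

// This constructed value has no quote characters, so escaping alone would leave it
// unchanged; it is only dangerous if the statement uses it unquoted. Validation rejects it.
try {
    validate_post(['id' => '42 OR 1=1', 'email' => 'user@example.com', 'name' => 'A'], $rules);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```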