GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Tech mysql_real_escape_string question (https://gfy.com/showthread.php?t=1356949)

Publisher Bucks 08-11-2022 08:39 AM

mysql_real_escape_string question
 
Is there a snippet of code that I can use to automatically secure any form input on a page to the SQL database without the need to place mysql_real_escape_string on every field to check?

Does that make sense?

redwhiteandblue 08-11-2022 08:56 AM

Try this, it may or may not work....

It should run through all the values in the $_POST array and make a new array with sanitized values.

Code:


<?php
// Escape every top-level $_POST value using the connection's charset rules
// (real_escape_string() is connection-aware, unlike addslashes()).
// Note: real_escape_string() expects a string, so nested arrays in $_POST
// (e.g. checkbox groups) are not handled by this loop.
$sanitized_post = [];
$dbc = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

foreach ($_POST as $key => $value) {
    $sanitized_post[$key] = $dbc->real_escape_string($value);
}


k0nr4d 08-11-2022 09:29 AM

Code:

<?php
// Recursively escape every string in $_POST (nested arrays included) using the
// mysqli connection $dblink. Numeric values are passed through unchanged.
function mysqli_real_escape_array(mysqli $dblink, $data) {
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = mysqli_real_escape_array($dblink, $value);
        }
        return $data;
    }
    if (!is_numeric($data)) {
        // Was mysql_real_escape_string(): that is the removed ext/mysql
        // function with the opposite argument order. The mysqli one is needed.
        return mysqli_real_escape_string($dblink, $data);
    }
    return $data;
}

$_POST = mysqli_real_escape_array($dblink, $_POST);
?>
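
The two snippets above escape values for a quoted string literal, which is the only context real_escape_string() protects. The example below is added here and is not code from the thread: it shows why the same escaped value is still injectable when it lands in an unquoted position, and what the prepared-statement alternative looks like with mysqli. It assumes a hypothetical `users(id, email, role)` table, the `DB_*` constants used in the posts above, and constructed attacker inputs.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Assumes a mysqli connection built from
// the DB_* constants and a hypothetical table users(id, email, role).

// Constructed attacker inputs: one aimed at a quoted string literal, one at an
// unquoted numeric position. The second contains no quote or backslash at all.
$inputs = [
    'email' => "x' OR '1'='1",
    'id'    => '1 OR 1=1',
];

// 1) What mass-escaping $_POST gives you. real_escape_string() only neutralises
//    the characters that terminate a *quoted* literal (', ", \, NUL, \n, \r, ^Z).
function escaped_queries(mysqli $db, array $post): array
{
    $email = $db->real_escape_string($post['email']);
    $id    = $db->real_escape_string($post['id']);   // nothing to escape: returned as-is

    return [
        // Safe only because the value sits inside single quotes.
        "SELECT * FROM users WHERE email = '$email'",
        // Still injectable: escaping cannot protect an unquoted number.
        "SELECT * FROM users WHERE id = $id",
    ];
}

// 2) The fix that does not depend on where the value lands: prepared statements.
//    Values travel to the server separately from the SQL text, so there is no
//    quoting context to get wrong.
function find_user_by_id(mysqli $db, string $rawId): ?array
{
    // Validate the type at the boundary instead of escaping it.
    if (filter_var($rawId, FILTER_VALIDATE_INT) === false) {
        return null;                                   // "1 OR 1=1" never reaches SQL
    }
    $id   = (int) $rawId;
    $stmt = $db->prepare('SELECT id, email, role FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function find_user_by_email(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email, role FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);                    // "x' OR '1'='1" is just a string now
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 3) Why escaping $_POST in place bites later: every other consumer of the value
//    (output, logging, a prepared statement) now sees the added backslashes, and
//    any code path that escapes again doubles them, so that is what gets stored.
function double_escape(mysqli $db, string $value): string
{
    $once = $db->real_escape_string($value);          // one backslash before the quote
    return $db->real_escape_string($once);            // backslash and quote both escaped again
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// real_escape_string() escapes according to the *connection* charset, so set it
// explicitly rather than relying on the server default.
$db->set_charset('utf8mb4');

foreach (escaped_queries($db, $inputs) as $sql) {
    echo $sql, PHP_EOL;
}
var_dump(find_user_by_id($db, $inputs['id']));
var_dump(find_user_by_email($db, $inputs['email']));
echo double_escape($db, "O'Brien"), PHP_EOL;
```

Escape at the point where the SQL string is built (or, better, bind instead), not once over the whole request: the escaping is specific to one connection's charset and to one quoted-literal context, and an escaped value reused anywhere else is corrupted data.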


Klen 08-11-2022 09:33 AM

I am using htmlspecialchars and so far it is working fine. But it does not hurt to put extra steps to harden security.

k0nr4d 08-11-2022 09:40 AM

Quote:

Originally Posted by Klen (Post 23032094)
I am using htmlspecialchars and so far it is working fine. But it does not hurt to put extra steps to harden security.

That's not enough to stop sql injection. htmlspecialchars is enough for XSS.

redwhiteandblue 08-11-2022 09:43 AM

Quote:

Originally Posted by Klen (Post 23032094)
I am using htmlspecialchars and so far it is working fine. But it does not hurt to put extra steps to harden security.

htmlspecialchars is meant more for output to an HTML document, and in any case htmlentities does a better job of that.
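
To make the point above concrete, the following is an added example (not posted in the thread) that runs constructed attacker input through htmlspecialchars() and then parses the resulting SQL text with a small MySQL-style string-literal tokenizer, so you can see exactly which literals the server would end up with. The `name`/`email` columns and the payloads are assumptions for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread. Constructed inputs and a hypothetical
// WHERE clause over name/email columns.

// Build the clause the way the htmlspecialchars-as-sanitizer approach does.
function where_clause(string $name, string $email, int $flags): string
{
    $n = htmlspecialchars($name, $flags, 'UTF-8');
    $e = htmlspecialchars($email, $flags, 'UTF-8');
    return "WHERE name = '$n' AND email = '$e'";
}

// Extract single-quoted string literals the way MySQL reads them (default
// sql_mode, backslash escapes on, '' doubles a quote inside a literal).
function string_literals(string $sql): array
{
    $literals = [];
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        if ($sql[$i] !== "'") {
            continue;                                  // outside a literal
        }
        $buf = '';
        for ($i++; $i < $len; $i++) {
            $c = $sql[$i];
            if ($c === '\\' && $i + 1 < $len) {
                $buf .= $sql[++$i];                    // backslash escape: next char is data
            } elseif ($c === "'") {
                if ($i + 1 < $len && $sql[$i + 1] === "'") {
                    $buf .= "'";                       // doubled quote stays inside the literal
                    $i++;
                } else {
                    break;                             // closing quote
                }
            } else {
                $buf .= $c;
            }
        }
        $literals[] = $buf;
    }
    return $literals;
}

// True when the literals MySQL sees differ from the two values we intended
// to send, i.e. attacker data changed the structure of the query.
function injected(string $name, string $email, int $flags): bool
{
    $expected = [
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($email, $flags, 'UTF-8'),
    ];
    return string_literals(where_clause($name, $email, $flags)) !== $expected;
}

$cases = [
    // Before PHP 8.1 the default flags were ENT_COMPAT, which leaves the single
    // quote alone, so the classic break-out goes straight through.
    ['name' => "x' OR '1'='1", 'email' => '',            'flags' => ENT_COMPAT],
    // ENT_QUOTES turns ' into &#039; and this particular payload is contained.
    ['name' => "x' OR '1'='1", 'email' => '',            'flags' => ENT_QUOTES | ENT_SUBSTITUTE],
    // htmlspecialchars never touches the backslash: a trailing \ in one field
    // escapes that field's closing quote, and the next field supplies the SQL.
    ['name' => '\\',           'email' => ' OR 1=1 -- ', 'flags' => ENT_QUOTES | ENT_SUBSTITUTE],
];

foreach ($cases as $c) {
    $sql = where_clause($c['name'], $c['email'], $c['flags']);
    printf("%-9s %s\n", injected($c['name'], $c['email'], $c['flags']) ? 'INJECTED' : 'contained', $sql);
    print_r(string_literals($sql));
}
```

htmlspecialchars() answers the HTML question (which characters break out of an element or attribute); the SQL question is which characters break out of a string literal in the server's charset and sql_mode, and those are different sets.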

Klen 08-11-2022 10:39 AM

Quote:

Originally Posted by k0nr4d (Post 23032100)
That's not enough to stop sql injection. htmlspecialchars is enough for XSS.

Well, I did add some additional sanitation steps, and when tested against SQL injections it was working fine. Either way, code needs to be tested against it regardless of what methods are used.

Publisher Bucks 08-11-2022 10:59 AM

Awesome, thanks everyone :thumbsup

machinegunkelly 08-11-2022 08:29 PM

Quote:

Originally Posted by Publisher Bucks (Post 23032145)
Awesome, thanks everyone :thumbsup

I still feel like you should just say fuck it and grab a framework.

I get wanting to 'learn php' but .. do you want to learn to churn butter? Or how a sundial works? Perhaps you want to sow seeds with an ox?

Why waste so much time learning php, when a framework takes all the pain out of it.

I'll tell you right now as a hiring manager, old school PHP devs are discarded because they can't learn modern 'php'

LaSexorcisto 08-11-2022 09:53 PM

Quote:

Originally Posted by machinegunkelly (Post 23032300)
I still feel like you should just say fuck it and grab a framework.

I get wanting to 'learn php' but .. do you want to learn to churn butter? Or how a sundial works? Perhaps you want to sow seeds with an ox?

Why waste so much time learning php, when a framework takes all the pain out of it.

I'll tell you right now as a hiring manager, old school PHP devs are discarded because they can't learn modern 'php'

I would agree with that statement only if the following are true:

1) His end goal is to work as an "employee" in some 9-5 rat race job making someone else rich and keeping up with other employees to make the corporate boss happy.
2) He has no interest in learning the basic building blocks of the language. (Like if you want to learn how to work on car engines to build your own hotrod, fuck it just buy a Tesla and buy the dealer upgrades instead)

Quote:

Why waste so much time learning php, when a framework takes all the pain out of it.
Then that's just learning the framework not the language.

If that's the case, then one could easily say why learn a framework when WordPress, Joomla, or Drupal takes the pain out of it.

k0nr4d 08-12-2022 12:21 AM

Quote:

Originally Posted by machinegunkelly (Post 23032300)
I'll tell you right now as a hiring manager, old school PHP devs are discarded because they can't learn modern 'php'

When I'm hiring I have the opposite. If the guy can't invent the wheel from scratch I don't want him. Too many guys apply that only know Zend Framework or only know Laravel or only know CodeIgniter but don't actually REALLY know PHP :2 cents:

Klen 08-12-2022 12:48 AM

Quote:

Originally Posted by k0nr4d (Post 23032355)
When I'm hiring I have the opposite. If the guy can't invent the wheel from scratch I don't want him. Too many guys apply that only know Zend Framework or only know Laravel or only know CodeIgniter but don't actually REALLY know PHP :2 cents:

Where do I apply? :1orglaugh

