Overclock.net - Overclocking.net
     
 
Old 03-18-08   #1 (permalink)
LyokoHaCk
[PHP] Globals Help

Is it possible to sanitize the whole global input variable array ($_POST or $_GET or $_REQUEST) by doing
PHP Code:
mysql_real_escape_string($_POST)
or does it not work?

Thanks
Old 03-18-08   #2 (permalink)
Coma

I *think* you have to iterate over it, like this:
foreach ($_POST as &$v) $v=mysql_real_escape_string($v);

(edit: damn. If you put tags around PHP code [that can be evaluated] here, it'll get executed.)

Last edited by Coma : 03-18-08 at 09:18 PM.
Old 03-18-08   #3 (permalink)
LyokoHaCk

Will do. Thanks!

Escape the $ and _ like so: \$\_POST !
Old 03-19-08   #4 (permalink)
Dismounted

Quote:
Originally Posted by Coma View Post
I *think* you have to iterate over it, like this:
foreach ($_POST as &$v) $v=mysql_real_escape_string($v);
That code won't work; you're assigning all the values to $v, so you'll only get the last value. Try something more like:
PHP Code:
// initialise array
$clean = array();

// iterate values
foreach ($_POST AS $key => $value)
{
    $clean[$key] = mysql_real_escape_string($value);
}
Old 03-21-08   #5 (permalink)
Starholdest

This is what I use for my scripts

<?php
//include into your mysql script

if($_POST) $_POST = array_map('mysql_real_escape_string',array_map('ht mlspecialchars',$_POST));
if($_GET) $_GET = array_map('mysql_real_escape_string',array_map('ht mlspecialchars',$_GET));
if($_COOKIE) $_COOKIE = array_map('mysql_real_escape_string',array_map('ht mlspecialchars',$_COOKIE));
?>

Of course this forum screws up the "htmlspecialchars"; it's actually all one word.
Last edited by Starholdest : 03-21-08 at 12:28 AM.
Old 03-21-08   #6 (permalink)
Dismounted

If you're just going through an array, using foreach will be slightly faster.
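Added example, not code from any poster in this thread: instead of rewriting $_POST with an escaping function, each field is checked for the type the query expects and then passed as a bound parameter, and HTML encoding is applied only at output. The users table, the helpers expect_string, expect_int and rename_user, and the request arrays are all constructed for illustration, and PDO with in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example; table, field names and request data are constructed.
// SQLite in memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Check each field against the type the query expects; the request array is not rewritten.
function expect_string(array $in, string $key, int $max = 64): string
{
    if (!isset($in[$key]) || !is_string($in[$key]) || strlen($in[$key]) > $max) {
        throw new InvalidArgumentException("bad field: $key");
    }
    return $in[$key];
}

function expect_int(array $in, string $key): int
{
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT);
    if ($v === false) {
        throw new InvalidArgumentException("bad field: $key");
    }
    return $v;
}

function rename_user(PDO $pdo, array $post): string
{
    try {
        $id   = expect_int($post, 'id');
        $name = expect_string($post, 'name');
    } catch (InvalidArgumentException $e) {
        return 'rejected: ' . $e->getMessage();
    }
    // Values are bound, not spliced into the SQL text, so a quote needs no escaping.
    $st = $pdo->prepare('UPDATE users SET name = :name WHERE id = :id');
    $st->execute([':name' => $name, ':id' => $id]);
    return 'updated ' . $st->rowCount() . ' row(s)';
}

echo rename_user($pdo, ['id' => '2', 'name' => "O'Brien <b>"]), "\n";  // quote and markup in a string field
echo rename_user($pdo, ['id' => '2 OR 1=1', 'name' => 'x']), "\n";     // numeric field with no character escaping would change
echo rename_user($pdo, ['id' => '1', 'name' => ['a', 'b']]), "\n";     // name[]=a&name[]=b arrives as an array

// HTML-encode when printing, not before storage, so the database keeps the raw value.
foreach ($pdo->query('SELECT name FROM users ORDER BY id') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The second and third requests are the cases a blanket escape over the input array does not cover: a value used in an unquoted numeric position, and a field that arrives as a nested array.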
All times are GMT -4. The time now is 07:48 PM.

