Tuesday, April 17, 2012

Escapes special characters in a string for SQL

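PHP function: mysql_real_escape_string()

It escapes the characters that are special inside a quoted SQL string literal, so the escaped value is only safe when the query wraps it in quotes. The mysql extension it belongs to was deprecated in PHP 5.5 and removed in PHP 7.0; mysqli_real_escape_string() and prepared statements are the current replacements.
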
  // Escape every POST value for use inside a quoted SQL string literal.
  // mysql_real_escape_string() needs an open MySQL connection.
  foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
  }

  // Same escaping for GET vars
  foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
  }
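
Escaping protects a value only inside a quoted string literal, so a value concatenated into an unquoted numeric position passes through the loop above unchanged. The added example below (not code from the original post) shows that next to a prepared statement. It assumes PDO with the SQLite driver; the table, the data and the escape_all() helper are constructed stand-ins for the MySQL setup.

```php
<?php
// Added example, not from the original post. Uses an in-memory SQLite
// database through PDO so it runs offline; table and data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for the blanket escaping loop: it escapes quote
// characters (SQLite style) in every value, including nested arrays.
function escape_all(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value)
            ? escape_all($value)
            : str_replace("'", "''", (string) $value);
    }
    return $out;
}

// Constructed request data: it contains no quote characters.
$post = ['id' => '0 OR 1=1'];

// Weak: the escaped value is concatenated into an unquoted numeric context,
// so the database parses it as part of the SQL statement.
function lookup_concatenated(PDO $pdo, array $post): array
{
    $clean = escape_all($post);
    $sql = 'SELECT name FROM users WHERE id = ' . $clean['id'];
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and never parsed as SQL.
function lookup_prepared(PDO $pdo, array $post): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $post['id']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'concatenated: ', count(lookup_concatenated($pdo, $post)), " rows\n";
echo 'prepared:     ', count(lookup_prepared($pdo, $post)), " rows\n";
```

The concatenated lookup returns every row in the table, while the prepared lookup returns none because the whole input is compared to the id column as a single value.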

Friday, April 13, 2012

Add POST data to SESSION

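session_start(); // the session must be started before $_SESSION is written

// Copy every POST field into the session, replacing escaped quotes (\')
// with a backtick and any remaining backslash with a space.
// Every POST key is copied, so the client decides which session keys get set.
foreach ($_POST as $key => $val) {
  $val = str_replace("\'", "`", $val);
  $val = str_replace("\\", " ", $val);
  $_SESSION[$key] = trim($val);
}

// Apply the same clean-up to everything already in the session.
foreach ($_SESSION as $key => $val) {
  $val = str_replace("\'", "`", $val);
  $val = str_replace("\\", " ", $val);
  $_SESSION[$key] = $val;
}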

Output buffering

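ob_start();                 // start capturing output

echo "ABC ";
$out1 = ob_get_contents();  // "ABC "

echo "XYZ";
$out2 = ob_get_contents();  // "ABC XYZ": the buffer keeps accumulating

ob_flush();                 // send the buffered "ABC XYZ" to the client
echo "
------------------
$out1,$out2";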