Facebook  Twitter 

SMFHacks.com

+-

SMFHacks.com

+- User Information

Welcome, Guest.
Please login or register.
 
 
 
Forgot your password?

+- Forum Stats

Members
Total Members: 4255
Latest: andreios
New This Month: 3
New This Week: 1
New Today: 0
Stats
Total Posts: 43260
Total Topics: 7518
Most Online Today: 297
Most Online Ever: 2482
(April 09, 2011, 07:02:45 pm)
Users Online
Members: 1
Guests: 234
Total: 235

Author Topic: Is mysql_real_escape_string Deprecated?  (Read 2735 times)

0 Members and 1 Guest are viewing this topic.

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Is mysql_real_escape_string Deprecated?
« on: September 26, 2014, 12:06:42 am »
If so, what should I use instead?

Furthermore, is this enough to 'purify' a $_Get variable from MYSQL injections?

Code: [Select]
$subject = $_GET['t'];
$subject = un_htmlspecialchars(stripslashes($subject));

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: Is mysql_real_escape_string Deprecated?
« Reply #1 on: September 26, 2014, 12:09:35 am »
Yes it is in face soon all mysql_ functions will be as well. Which I think it is a big mistake but o well.
For a direct replaces use addslashes

I use htmlspecialchars($variablehere,ENT_QUOTES);
For two reasons stops injection and cross site scripting issues.

Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: Is mysql_real_escape_string Deprecated?
« Reply #2 on: September 26, 2014, 12:27:01 am »
Thank you!

Another question. How do I make a file inaccessible to anyone else but my server?

For instance, I have a source file that when accessed, will echo out results. This file is used by my website with AJAX refresh. So when you click a refresh button, AJAX accesses this file and throws the results. However, I don't want anyone directly visiting this page. Is this possible?

Offline SMFHacks

  • Administrator
  • Hero Member
  • *****
  • Posts: 16436
    • View Profile
Re: Is mysql_real_escape_string Deprecated?
« Reply #3 on: September 26, 2014, 06:30:11 am »
Not possible if it is accessed via ajax then it needs to be public
Get your Forum Ranked! at https://www.forumrankings.net - find out how your forum compares with others!

Like What I do? Support me at https://www.patreon.com/vbgamer45/

Offline shuban

  • Hero Member
  • *****
  • Posts: 665
    • View Profile
    • Biology Forums
Re: Is mysql_real_escape_string Deprecated?
« Reply #4 on: September 26, 2014, 08:19:39 am »
Code: [Select]
$subject = $_GET['t'];
$subject = un_htmlspecialchars(stripslashes($subject));
$subject = htmlspecialchars($subject,ENT_QUOTES);

Okay, just to double check, like this?

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
2533 Views
Last post October 17, 2012, 09:16:40 pm
by SMFHacks
1 Replies
5724 Views
Last post February 27, 2014, 04:07:04 pm
by SMFHacks
1 Replies
3732 Views
Last post June 01, 2015, 01:51:47 pm
by SMFHacks
4 Replies
4510 Views
Last post December 03, 2016, 10:37:56 am
by Jens

+- Recent Topics

No thumbnails on new uploads by Tonyvic
Today at 06:26:18 am

Display the Contact Page for guests by SMFHacks
March 27, 2024, 10:55:43 am

is it possible to add support for odysee.com by fvlog19
March 21, 2024, 08:47:51 am

Request for admin notification by davejo
March 10, 2024, 01:31:59 am

I need help with torrent upload by Ineedsmfhelp
March 09, 2024, 10:01:13 pm

an idea for new mod (( content type with different display )) by SMFHacks
February 27, 2024, 01:36:27 pm

[Mod] RSS Feed Poster by SMFHacks
February 27, 2024, 11:57:18 am

find duplicate pictures by fvlog19
February 14, 2024, 02:22:40 pm

Error uploading video. by SMFHacks
February 08, 2024, 02:04:16 pm

Gallery icon as last added image by fvlog19
February 01, 2024, 01:04:56 pm

Powered by EzPortal