[Release] PHOENIXPHP AND OTHER CMS: Fix (almost) all SQL injection holes

[imstr]

Sick of fixing all sql injections in PhoenixPHP? Here's a little tip to fix (almost) all holes!
step 1: open global.php
step 2 add under "$users = new Users();"

PHP Code:

foreach($_GET as $key => $value){
$_GET[$key]=$core->EscapeString($value);
}
foreach($_POST as $key => $value){
$_POST[$key]=$core->EscapeString($value);
}
foreach($_REQUEST as $key => $value){
$_REQUEST[$key]=$core->EscapeString($value);
} 


step 3: Save and you're done!

PS: you can use it for other cmses also: add this to a file like global.php or config.php

PHP Code:

foreach($_GET as $key => $value){
$_GET[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
}
foreach($_POST as $key => $value){
$_POST[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
}
foreach($_REQUEST as $key => $value){
$_REQUEST[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
} 


[Hejula]

Surprised someone never released something like this before. Nice work :)

[Akimbo]

Ah, good work my friend!

[joopie]

Surprised someone never released something like this before. Nice work :)

It's in brickphp? visualccms?

[Hejula]

It's in brickphp? visualccms?

Not PhoenixPHP though. + No one has made this as release...

[imstr]

It's in brickphp? visualccms?

Never used those. Didn't know it was possible before i wrote it.

[GertJanA]

You did a great Job dude!

Greetz,

[Livar]

Good job!

[tomad]

thanks!

[ηєwв]

thanks dude

[ησвяαιη]

Wait, so all this guy did was take this code out of BrickPHP and then just release it? O.o

[Mister. M]

Sick of fixing all sql injections in PhoenixPHP? Here's a little tip to fix (almost) all holes!
step 1: open global.php
step 2 add under "$users = new Users();"

PHP Code:

foreach($_GET as $key => $value){
$_GET[$key]=$core->EscapeString($value);
}
foreach($_POST as $key => $value){
$_POST[$key]=$core->EscapeString($value);
}
foreach($_REQUEST as $key => $value){
$_REQUEST[$key]=$core->EscapeString($value);
} 


step 3: Save and you're done!

PS: you can use it for other cmses also: add this to a file like config.php

PHP Code:

foreach($_GET as $key => $value){
$_GET[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
}
foreach($_POST as $key => $value){
$_POST[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
}
foreach($_REQUEST as $key => $value){
$_REQUEST[$key]=mysql_real_escape_string(stripslashes(trim(htmlspecialchars($value))));
} 


You're telling me i ripped? rofl! Look at the filters. You use 20, i use 1! :)

[imstr]

Wait, so all this guy did was take this code out of BrickPHP and then just release it? O.o

actualy i never used BrickPHP. I wrote it myself. It could be that the same code is in BrickPHP

You're telling me i ripped? rofl! Look at the filters. You use 20, i use 1! :)

i used the standard filter of phoenixphp

[leenster]

Stop giving the guy a hard time. This is very useful and effective. Yes joopie has code similar to this but this guy made it work for phoenixphp and will help a lot of people.

Good job.
Posted via Mobile Device

[Hejula]

Wait, so all this guy did was take this code out of BrickPHP and then just release it? O.o

Lol, piss off. This is a generic foreach statement, anyone could have made it. It was not trademarked of BrickPHP because it had it first.