is this file secure?

[frank1]

i have this strategy to take data from a search box which is takes input and pass data to this page with get

PHP Code:

<?php 
                function cleanall() 
{ 
foreach($_GET as $key => $val) 
{ 
$_GET[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); 
$$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES))); 
} 
} 


                 echo "<div class=\"box_title_blue\">Following bbb has been found for this query</div>" ;        
$cb = ( isset($_GET['cb']) ) ? $_GET['cb'] : 0; // type it is strictly numeric ..from database 
$cb=(int) $cb; 

// Default to 0 (all) if not set 
$exp = ( isset($_GET['exp']) ) ? trim($_GET['exp']) : 0; //experience  it is also strictly numeric 
$exp=(int) $exp; 
// Default to 0 if not set 
if ( !ctype_alnum($_GET ['jobt']))//it can be either 'a' for all or some number so i am trying to make this better but how can i do that 
{ 
echo "only A-Z a-z 0-9 are Allowed"; 
exit(); 
} 
else 
{ 
// Default to 0 if not set 
$jobt = ( isset($_GET['jobt']) ) ? $_GET['jobt'] : 0; // 
} 
// Default to 0 if not set 
if ( !ctype_alnum($_GET ['edu']))//'a' or some  number 
{ 
echo "only A-Z a-z 0-9 are Allowed"; 
exit(); 
} 
else 
{ 
// Default to 0 if not set 
$edu = ( isset($_GET['edu']) ) ? $_GET['edu'] : 0; //qualification 
} 
$city = ( isset($_GET['city']) ) ? $_GET['city'] : 0; //city//will be alnumeric 
$sal1 = ( isset($_GET['sal1']) ) ? $_GET['sal1'] : 0; // strictly number 
$sal1=(int)$sal1; 
  $sal2 = ( isset($_GET['sal2']) ) ? $_GET['sal2'] : 9999999; //numeric 
          $sal2=(int)$sal2; 
          cleanall(); 
  $trimmed = trim($var); //trim whitespace from the stored variable 
require_once ('../../dbconnect.php'); 
                        $query = "SELECT *  FROM table where category=$cb and salary>$sal1 and salary<$sal2 and 

experi>=$exp";

how secure is this code and from where can cracker crack this...specially sql injection but other as well
i am still updating it...but any security loop holes ?
can it be made better?
by the way well it take care of datatype and ' " and all but i can concerned about if some body pass command through get like

SHUTDOWN and all
how can i intregrate protection from that part in this code

i notice when i use GET and all values are seen in address bar it is much provoking user to change data and see the result so is it

good to use POST here
What can be disadvantages of doing so?

[frank1]

why no comments i am amazed
atleast there can be some thing ..
may be good or bad
it went to 2nd page of forum listing in no time...
any way any comments

[william232]

it takes day or weeks to get a reply man take ur time.

[ashattuc]

Here's the steps I would like:

1. strip_tags();
2. Use the following code from the php manual to decide what to do with slashes and add the mysql_real_escape_string() function:

PHP Code:

function quote_smart($value)
 {
     // Stripslashes
     if (get_magic_quotes_gpc()) {
         $value = stripslashes($value);
     }
     // Quote if not a number or a numeric string
     if (!is_numeric($value)) {
         $value = "'" . mysql_real_escape_string($value) . "'";
     }
     return $value;
 } 


3. Add quotes around the value when you insert it into the database.

As far as I know, this should be a pretty good defense against SQL injection. Let me know if I missed anything.

[frank1]

it takes day or weeks to get a reply man take ur time.

i have been here for 1.5 yrs now and i dont quite agree with it.
Once the pages are pushed to behind page 1 or 2 people hardly bother to search and reply things...
after all most people answers and discuss on page 1 tropic
any way never mind

about 2nd reply
well i have that code as well
but i want to know what is wrong with that initial code
it is also filtering each POST and GET..
is second method superior then first one..
i am trying to know
thanks for answer...
is initial code vunerable to cracks?

[ashattuc]

Your initial code is probably secure, simply because it forces the integer type before doing the query. Here's a couple things you could improve on it, though:

1. Since all the inputs are integers, create a function and call the function each time you want to validate. You'll cut your code size down by 60%.

2. Before you striptags, you might want to check if magic_quotes are on. I'm not sure if it makes too much of a difference, but if you use strip_quotes arbitrarily, it might end up stripping a valid backslash. I'm not certain about this, though.

For validating strings, I'd keep in mind my previous post.

Good luck!
Chris

[frank1]

is only way of checking magic_quotes are on/off is through phpinfo() file?

by the way how to be safe from one who try to execute commands like
etc/password etc through url injection

[ashattuc]

Here's an example of checking if magic_quotes are on:

PHP Code:

if (get_magic_quotes_gpc()) {
         $value = stripslashes($value);
     } 


As far as URL injection goes, you'd apply the same principles for $_GET and $_POST variables. If you're going to be performing a query based on those variables, then you should perform cleanup on them. If someone can put it in the URL, the can also spoof a $_POST variable, so you should treat them the same.