Anti SQL Injection on dates

I have a problem and do not know how to solve it. I use this function to validate some of the variables I receive:

if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    // Undo magic quotes where they exist (get_magic_quotes_gpc() was removed in PHP 8).
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }

    // Escape for a string literal (the mysql_* functions were removed in PHP 7).
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        // Handled exactly like "text": escaped and quoted, the date format is not checked.
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}

The variables are being treated like this:

$IdCategoria = GetSQLValueString($_POST['IdCategoria'],"int");
$IdUnicoop   = GetSQLValueString($_POST['IdUnicoop'], "int");
$Palavra     = GetSQLValueString('%'.$_POST['Palavra'].'%',"text");

I would like to apply this treatment to some dates I have; they are being received like this:

$DtInicial   = $_POST['DtInicial'];
$DtFinal     = $_POST['DtFinal'];   
  • 1

    Did you have any trouble with: $DtInicial = GetSQLValueString($DtInicial, 'date'); ?

  • 2

    Although the examples in the indicated question are completely different from your code, it is a case of refactoring your original idea with the concepts from the answers there. If the problem is just converting the dates to MySQL format, I believe we already have posts in this direction as well. On the question of dates, if you want to elaborate further, with examples of the data entered, there may be enough to reopen.

No answers
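
An added example, not part of the original question or its comments: one way to handle the two date fields is to accept only a real calendar date in one fixed format and pass the normalized value to a prepared statement. The dd/mm/yyyy input format, the `registros` table and the `criado_em` column are assumptions; the question does not show them.

```php
<?php
declare(strict_types=1);

// Assumption: the form posts dates as dd/mm/yyyy; adjust if yours differs.
const INPUT_DATE_FORMAT = 'd/m/Y';

// Returns 'YYYY-MM-DD' for a real calendar date in the expected format,
// or null for anything else (arrays, missing fields, trailing SQL, 31/02).
function parseDateOrNull($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!' . INPUT_DATE_FORMAT, $raw);
    // The round trip rejects values PHP would silently roll over (31/02 -> 02/03).
    if ($dt === false || $dt->format(INPUT_DATE_FORMAT) !== $raw) {
        return null;
    }
    return $dt->format('Y-m-d');
}

// Hypothetical table "registros" with a date column "criado_em".
function findBetween(PDO $pdo, array $post): ?array
{
    $ini = parseDateOrNull($post['DtInicial'] ?? null);
    $fim = parseDateOrNull($post['DtFinal'] ?? null);
    if ($ini === null || $fim === null || $ini > $fim) {
        return null; // reject the request instead of building a query
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT id FROM registros WHERE criado_em BETWEEN :ini AND :fim ORDER BY id'
    );
    $stmt->execute([':ini' => $ini, ':fim' => $fim]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE registros (id INTEGER PRIMARY KEY, criado_em TEXT)");
$pdo->exec("INSERT INTO registros (criado_em) VALUES ('2024-02-28'), ('2024-03-10'), ('2024-04-01')");

// Constructed inputs standing in for $_POST: valid, trailing SQL, impossible date.
var_dump(findBetween($pdo, ['DtInicial' => '01/03/2024', 'DtFinal' => '31/03/2024']));
var_dump(findBetween($pdo, ['DtInicial' => '01/03/2024', 'DtFinal' => "31/03/2024' OR '1'='1"]));
var_dump(findBetween($pdo, ['DtInicial' => '31/02/2024', 'DtFinal' => '31/03/2024']));
```

With MySQL the same `findBetween()` works unchanged over a PDO MySQL connection, because the normalized `Y-m-d` string is the format a MySQL `DATE` column expects.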
