I have an old system without any check for SQL injection, and I want to add mysqli_real_escape_string()
every time the user interacts with the DB.
All of the system is built under index.php. The page looks like this:

    if (!isset($_GET['p'])) {
        $_GET['p'] = 'main';
    }
    if (!file_exists($_GET['p'].".php")) {
        echo "The page you are looking for isn't exist.";
    } else {
        if (logs()) {
            include($_GET['p'].".php");
        }
        else {
            include('not_register.php');
        }
    }

I thought of just adding this code at the top of index.php,
and I wanted to be sure I'm not messing anything up, so I'm asking here.

    foreach ($_POST as $name => $val) {
        $_POST[$name] = mysqli_real_escape_string($db, $val);
    }

Will running this code on every page reload have any negative influence?
Thanks.
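
An added example, not part of the original post: it runs the blanket loop on a constructed request to show two effects (the stored value changes, and an unquoted numeric value gets no protection), then does the same lookup with a bound parameter. The connection details, the `users` table and `find_user_name()` are assumptions made for the illustration.

```php
<?php
// Placeholders: connection details and a hypothetical table
//   CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64));
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Constructed request body standing in for a real form submission.
$post = ['id' => '0 OR 1=1', 'name' => "O'Brien", 'tags' => ['a', 'b']];

// The blanket loop from the question, run on a copy. Array fields are
// skipped because mysqli_real_escape_string() accepts only strings.
$escaped = $post;
foreach ($escaped as $key => $val) {
    if (is_string($val)) {
        $escaped[$key] = $db->real_escape_string($val);
    }
}

// Side effect: any later non-SQL use of the name (display, e-mail,
// comparison) now sees a backslash that the user never typed.
echo $post['name'], ' -> ', $escaped['name'], "\n";

// Gap: escaping only helps inside a quoted SQL string. This id contains
// no quote characters, so it reaches a numeric context unchanged.
// The query is printed here, not executed.
echo 'SELECT name FROM users WHERE id = ' . $escaped['id'], "\n";

// Alternative: leave $_POST untouched, validate the type at the point of
// use, and let a prepared statement carry the value.
function find_user_name(mysqli $db, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;              // not an integer: rejected before any SQL
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $name : null;
}

var_dump(find_user_name($db, $post['id']));   // constructed hostile input
var_dump(find_user_name($db, '1'));           // well-formed id
```

The loop in the question also leaves `$_GET` untouched, so it has no effect on the `p` parameter that index.php passes to `include`.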