Hello,
I'm currently working on a mod for my website and I was wondering if, when getting user input from a form, there is anything I need to do to the data before I, for example, insert it into the DB, or is just using request_var(); enough? I want to make sure I'm not opening up a possibility for SQL injection.
request_var question.
- Mr. Bond
- Member
- Posts: 89
- Joined: 30 Mar 2008, 20:34
- Real name: Bobby
- Location: 127.0.0.1
- igorw
- Past Contributor
- Posts: 1967
- Joined: 01 Jun 2006, 20:48
- Real name: Igor
Re: request_var question.
Hi,
yes, if you're not using $db->sql_build_array() you have to run it through $db->sql_escape().
- we're poor!
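
The two options named in the reply above, as an added example that is not part of the thread or of phpBB's own code. It assumes a phpBB 3.0.x page where `common.php` provides `$db`, `$table_prefix` and `request_var()`; the table `mymod_notes` and its columns are hypothetical.

```php
<?php
// Added example: runs inside a phpBB 3.0.x installation.
// Table and column names below are hypothetical.
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

define('MYMOD_NOTES_TABLE', $table_prefix . 'mymod_notes'); // hypothetical table

// request_var() casts the input to the type of the default value.
// That alone does not make a string safe to place inside SQL.
$note_id    = request_var('note_id', 0);            // integer
$note_title = request_var('note_title', '', true);  // string, multibyte allowed

// Option 1: let the DBAL build the column/value list.
// sql_build_array() quotes and escapes string values itself.
$sql_ary = array(
	'note_title' => $note_title,
	'note_time'  => time(),
);
$sql = 'INSERT INTO ' . MYMOD_NOTES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);

// Option 2: hand-written SQL.
// Every string goes through sql_escape() and sits inside quotes;
// every integer is cast before concatenation.
$sql = 'SELECT note_id, note_title
	FROM ' . MYMOD_NOTES_TABLE . "
	WHERE note_title = '" . $db->sql_escape($note_title) . "'
		AND note_id <> " . (int) $note_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
```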
- Mr. Bond
- Member
- Posts: 89
- Joined: 30 Mar 2008, 20:34
- Real name: Bobby
- Location: 127.0.0.1
Re: request_var question.