1. this class isn't safe for sql injection, i added a small func...

Andrea Venturi | 2008-06-15 13:28:43

This class isn't safe for SQL injection; I added a small function for parsing inputs before use in production.
2. Re: this class isn't safe for sql injection, i added a small fun

John Vaughan | 2008-08-22 16:46:25

Hello Andrea,
Would you mind posting your modifications? I think this is a great class as well, but it needs some SQL injection prevention to round it off. You can also email me directly at jjvaughan at gmail
Thanks for sharing!
-John
3. Re: this class isn't safe for sql injection, i added a small fun

Andrea Venturi | 2008-09-02 19:35:34
I took the escape function from this class: http://www.phpclasses.org/browse/file/13783.html

```php
// Method of the database class; $this->dbh holds the mysql link resource
// opened elsewhere in the class (the ext/mysql API this class targets).
function sql_quote($value)
{
    // Undo magic_quotes_gpc escaping so the value is not escaped twice.
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Prefer the connection-aware escape (available from PHP 4.3.0) ...
    if (function_exists('mysql_real_escape_string')) {
        $value = mysql_real_escape_string($value, $this->dbh);
    } else {
        // ... and fall back to addslashes on older PHP versions.
        $value = addslashes($value);
    }
    return $value;
}
```
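The escape function above only protects a value that lands inside a quoted SQL string literal; it does nothing for an unquoted numeric position, and it relies on the connection's character set being set correctly. The following is an added example, not code from the thread or from the class it discusses, contrasting escaping with a bound parameter using the mysqli API; the `users` table, its `id`/`name` columns and the function names are assumptions.

```php
<?php
// 1. Escaping is sound only inside quotes: the value sits in a string
//    literal, so an escaped value cannot terminate it.
function find_user_sql_escaped(mysqli $db, string $name): string
{
    $safe = $db->real_escape_string($name);
    return "SELECT id, name FROM users WHERE name = '$safe'";
}

// 2. The same escaping is useless for an unquoted numeric position.
//    A value containing spaces and an operator (e.g. "1 OR 1=1") has
//    nothing to escape and is concatenated into the SQL verbatim.
//    This is the gap a class that only escapes does not close.
function find_user_sql_unquoted(mysqli $db, string $id): string
{
    $safe = $db->real_escape_string($id);
    return "SELECT id, name FROM users WHERE id = $safe"; // still injectable
}

// 3. Prepared statement with a bound parameter: the value never becomes
//    part of the SQL text, whatever its quoting, type or character set.
function find_user_by_id(mysqli $db, string $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $idInt = (int) $id;            // enforce the expected type as well
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    $stmt->bind_result($rowId, $rowName);
    $row = $stmt->fetch() ? ['id' => $rowId, 'name' => $rowName] : null;
    $stmt->close();
    return $row;
}

// Usage (connection details are placeholders). set_charset() matters for
// real_escape_string(): it escapes according to the connection charset.
// $db = new mysqli('localhost', 'user', 'pass', 'app');
// $db->set_charset('utf8mb4');
// var_dump(find_user_by_id($db, '1 OR 1=1')); // binds the integer 1 only
```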