Re: Proposal to secure $xoopsDB->query method
Posted by skenow on 1207367671
To get this to do anything, I had to escape most of the quotes.
I'm not sure what the section to remove the separators accomplishes, nor do I think you want to remove all of them, if that is the intent. They are valid in text areas - don't you think? They also are important to MySQL in properly casting the parameters. MySQL can and does convert them, but it takes additional processing time.
This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1438&post_id=13481