Re: Proposal to secure $xoopsDB->query method

Posted by Vaughan on 1207404803
Would it not be OK to separate db->query for types of query?

for example

add a flag to function dbquery & validate_query etc?

function validate_query($q, $type = 'select')

so now if the type field is set, then the only allowed function in the query will be select

type='drop'

only a drop query allowed.

type='all' all methods

type='update' only update allowed

type='custom' a custom selection (can be defined in the module or core, allowing a specific complex query to be constructed).

This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1438&post_id=13510
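
The type flag proposed in the post above, sketched as an added example (not part of the original post and not XOOPS or ImpressCMS code). The QUERY_TYPES table, the $custom parameter and the sample queries are assumptions made for illustration, and MySQL quoting and comment syntax is assumed; the check restricts only which kind of statement runs and does not make values interpolated into an allowed statement safe.

```php
<?php
// Added example: names below are hypothetical, not XOOPS or ImpressCMS API.
// Statement verbs permitted for each value of the proposed type flag.
const QUERY_TYPES = [
    'select' => ['SELECT'],
    'update' => ['UPDATE'],
    'drop'   => ['DROP'],
    'all'    => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP'],
];

// True only when $q is one statement whose leading verb is allowed for $type.
function validate_query(string $q, string $type = 'select', array $custom = []): bool
{
    $allowed = $type === 'custom'
        ? array_map('strtoupper', $custom)
        : (QUERY_TYPES[$type] ?? []);
    if ($allowed === []) {
        return false; // unknown type or empty custom list: fail closed
    }
    // Blank out quoted literals so their contents are not read as SQL syntax.
    $bare = preg_replace(
        "/'(?:[^'\\\\]|\\\\.|'')*'|\"(?:[^\"\\\\]|\\\\.|\"\")*\"/s", '?', $q);
    if ($bare === null || preg_match('/[\'"]/', $bare)) {
        return false; // regex failure or unterminated literal
    }
    // Comments can hide a second statement from this check (MySQL syntax assumed).
    if (preg_match('~/\*|--|#~', $bare)) {
        return false;
    }
    // Allow one trailing semicolon; any other one means stacked statements.
    $bare = preg_replace('/;\s*$/', '', trim($bare));
    if (strpos($bare, ';') !== false) {
        return false;
    }
    return preg_match('/^([A-Za-z]+)\b/', $bare, $m) === 1
        && in_array(strtoupper($m[1]), $allowed, true);
}

// Constructed sample queries, not taken from any real module.
$samples = [
    ["SELECT uid FROM users WHERE uname = 'a;b'", 'select'],
    ["SELECT 1; DROP TABLE users", 'select'],
    ["DROP TABLE users", 'select'],
    ["INSERT INTO log (msg) VALUES ('x')", 'custom', ['insert']],
];
foreach ($samples as $s) {
    $ok = validate_query($s[0], $s[1], $s[2] ?? []);
    printf("%-8s %-7s %s\n", $s[1], $ok ? 'allow' : 'reject', $s[0]);
}
```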