Re: Proposal to secure $xoopsDB->query method
Posted by Vaughan on 1207404803
would it not be ok to seperate db->query for types of query.
for example
add a flag to function dbquery & validate_query etc?
function validate_query($q, type='select')
so now if the type field is set, then the only allowed function in the query will be select
type='drop'
only a drop query allowed.
type='all' all methods
type='update' only update allowed
type='custom' a custom selection (can be defined in the module or core, allowing a specific complex query to be constructed).
This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1438&post_id=13510