Re: Proposal to secure $xoopsDB->query method

by skenow on 2008/4/5 6:03:11

Yes, union should not be allowed to be added to a query string, unless it is a valid portion of a field, like it is here. The same goes for all the forbidden words; not all occurrences of them are going to be malicious.

I suggest we look at GIJOE's Protector for his patterns, the PHP page on SQL injection and this class for safeSQL.
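
As an added illustration of the point in the post above (not part of the thread, and not code from XOOPS or Protector): a forbidden-word check that scans the whole query flags legitimate field values, while one that skips quoted literals and matches whole words does not. The function names, word list and sample queries are assumptions constructed for this example.

```php
<?php
// Added example; function names and the word list are hypothetical.
const FORBIDDEN = ['union', 'outfile', 'benchmark'];

// Naive filter: flags a forbidden word anywhere in the query text.
function naive_has_forbidden(string $sql): bool
{
    foreach (FORBIDDEN as $word) {
        if (stripos($sql, $word) !== false) {
            return true;
        }
    }
    return false;
}

// Blank out quoted string literals so field values are not scanned.
// Handles backslash escapes and doubled quotes (MySQL defaults). An
// unterminated quote does not match, so the text after it is still scanned.
function strip_string_literals(string $sql): string
{
    $pattern = '/\'(?:[^\'\\\\]|\\\\.|\'\')*\'|"(?:[^"\\\\]|\\\\.|"")*"/s';
    return preg_replace($pattern, "''", $sql) ?? $sql; // on regex error, scan everything
}

// Context-aware filter: whole-word match outside string literals only.
function has_forbidden_outside_literals(string $sql): bool
{
    $code = strip_string_literals($sql);
    foreach (FORBIDDEN as $word) {
        if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $code)) {
            return true;
        }
    }
    return false;
}

// Constructed sample queries.
$samples = [
    "INSERT INTO members (org) VALUES ('Teachers Credit Union')",
    "SELECT id FROM reunion_events WHERE year = 2008",
    "SELECT title FROM news WHERE id = 1 UNION SELECT title FROM archive",
];
foreach ($samples as $sql) {
    printf("naive=%-5s context=%-5s %s\n",
        var_export(naive_has_forbidden($sql), true),
        var_export(has_forbidden_outside_literals($sql), true),
        $sql);
}
```

A filter of this kind is a secondary check; escaping values or binding them as parameters remains the primary control against SQL injection.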