Re: Proposal to secure $xoopsDB->query method

by skenow on 2008/4/4 20:54:31

To get this to do anything, I had to escape most of the quotes.

I'm not sure what the section to remove the separators accomplishes, nor do I think you want to remove all of them, if that is the intent. They are valid in text areas - don't you think? They also are important to MySQL in properly casting the parameters. MySQL can and does convert them, but it takes additional processing time.