Re: Proposal to secure $xoopsDB->query method
Subject: Re: Proposal to secure $xoopsDB->query method
by skenow on 2008/4/4 20:54:31

To get this to do anything, I had to escape most of the quotes. I'm not sure what the section to remove the separators accomplishes, nor do I think you want to remove all of them, if that is the intent. They are valid in text areas - don't you think? They also are important to MySQL in properly casting the parameters. MySQL can and does convert them, but it takes additional processing time.