Re: Proposal to secure $xoopsDB->query method
Subject: Re: Proposal to secure $xoopsDB->query method
by skenow on 2008/4/5 6:03:11

Yes, union should not be allowed to be added to a query string, unless it is a valid portion of a field, like it is here. The same goes for all the forbidden words, not all occurrences of them are going to be malicious. I suggest we look at GIJOE's Protector for his patterns, the PHP page on SQL injection and this class for safeSQL
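The point in the post above, shown as an added example that is not part of the original post and not XOOPS, Protector or safeSQL code: a forbidden-word filter applied to the whole query string rejects legitimate field values, while the same filter applied after string literals are blanked out only sees the SQL structure. The function names, the word list and the sample queries are constructed for illustration, and MySQL's default string escaping is assumed.

```php
<?php
// Added illustration, not XOOPS core code; function names are hypothetical.
const FORBIDDEN = ['union', 'outfile'];   // constructed sample word list

// Naive filter: flags a forbidden word anywhere in the query string.
function naive_is_suspicious(string $sql): bool
{
    foreach (FORBIDDEN as $word) {
        if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $sql)) {
            return true;
        }
    }
    return false;
}

// Replace each quoted literal with '' so only the SQL structure is left.
// Assumes MySQL default escaping (backslash escapes and doubled quotes).
function strip_string_literals(string $sql): string
{
    $out = '';
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        $ch = $sql[$i];
        if ($ch !== "'" && $ch !== '"') {
            $out .= $ch;
            continue;
        }
        for ($i++; $i < $len; $i++) {          // scan to the closing quote
            if ($sql[$i] === '\\') {
                $i++;                          // skip the escaped character
            } elseif ($sql[$i] === $ch) {
                if (($sql[$i + 1] ?? '') !== $ch) {
                    break;                     // closing quote reached
                }
                $i++;                          // doubled quote: still inside
            }
        }
        $out .= "''";
    }
    return $out;
}

function literal_aware_is_suspicious(string $sql): bool
{
    return naive_is_suspicious(strip_string_literals($sql));
}
// Constructed sample queries: the word inside a field value vs. in the SQL.
$legit  = "INSERT INTO news (title) VALUES ('European Union summit')";
$forged = "SELECT title FROM news WHERE id = 1 UNION SELECT body FROM drafts";
var_dump(naive_is_suspicious($legit), literal_aware_is_suspicious($legit),
         naive_is_suspicious($forged), literal_aware_is_suspicious($forged));
```

This remains a heuristic: it does not handle SQL comments or backtick-quoted identifiers, so it complements escaping or bound parameters rather than replacing them.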