Re: Proposal to secure $xoopsDB->query method

by Vaughan on 2008/4/5 7:13:23

Would it not be OK to separate db->query for types of query?

for example

add a flag to function dbquery & validate_query etc?

function validate_query($q, $type='select')

so now if the type field is set, then the only allowed function in the query will be select

type='drop'

only a drop query allowed.

type='all' all methods

type='update' only update allowed

type='custom' a custom selection (can be defined in the module or core, allowing a specific complex query to be constructed).
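
The type-restricted check proposed in the post above, sketched as an added example (it is not part of Vaughan's post and is not XOOPS code). The function name and the type values come from the post; the `$customVerbs` parameter, the literal masking and the fail-closed checks are assumptions, and the sample queries are constructed.

```php
<?php
// Added example, not XOOPS code. validate_query() and its $type values follow
// the post; $customVerbs and the checks below are assumptions.
function validate_query($q, $type = 'select', array $customVerbs = array())
{
    // Mask quoted literals and identifiers so their contents are not read as
    // SQL. Assumes MySQL's default backslash escaping inside strings.
    $literal = '~\'(?:[^\'\\\\]|\\\\.|\'\')*\'|"(?:[^"\\\\]|\\\\.|"")*"|`[^`]*`~s';
    $masked  = rtrim((string) preg_replace($literal, '?', $q), "; \t\r\n");

    // Fail closed on anything that could hide or chain a second statement:
    // an unterminated quote, a statement separator, or a comment opener.
    if (preg_match('~[\'"`;#]|--|/\*~', $masked)) {
        return false;
    }

    // The statement type is the first keyword, ignoring leading parentheses.
    if (!preg_match('~^[\s(]*([a-z]+)~i', $masked, $m)) {
        return false;
    }
    $verb = strtolower($m[1]);

    switch ($type) {
        case 'all':
            return true;
        case 'custom':
            // The module or core supplies its own list of permitted verbs.
            return in_array($verb, array_map('strtolower', $customVerbs), true);
        case 'select':
        case 'update':
        case 'drop':
            return $verb === $type;
        default:
            return false; // unknown type: deny
    }
}

// Constructed sample queries (table and column names are made up).
$samples = array(
    array("SELECT uid FROM users WHERE uname = 'a;b'", 'select'),  // ';' inside a literal
    array("SELECT 1; DROP TABLE users", 'select'),                 // stacked statement
    array("UPDATE users SET rank = 1", 'select'),                  // verb differs from type
    array("INSERT INTO log (msg) VALUES ('x')", 'custom', array('insert', 'delete')),
);
foreach ($samples as $s) {
    $ok = validate_query($s[0], $s[1], isset($s[2]) ? $s[2] : array());
    printf("%-5s %-6s %s\n", $ok ? 'allow' : 'deny', $s[1], $s[0]);
}
```

A check like this only limits which class of statement reaches the database; it does not inspect what an allowed statement does, so values placed into the query still need escaping or parameter binding.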