Re: Proposal to secure $xoopsDB->query method

Subject: Re: Proposal to secure $xoopsDB->query method
by Vaughan on 2008/4/5 7:13:23

Would it not be ok to separate db->query for types of query? For example, add a flag to function dbquery & validate_query etc.?

function validate_query($q, $type='select')

So now if the type field is set, then the only allowed function in the query will be select.

type='drop' only a drop query allowed.
type='all' all methods
type='update' only update allowed
type='custom' a custom selection (can be defined in the module or core, allowing a specific complex query to be constructed).
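
A sketch of the type-flag check proposed in the post above, as an added example that is not part of the original post and is not XOOPS code. The function name, `$q` and the type values come from the post; the `$custom` parameter (modelled here as a caller-supplied list of allowed leading keywords), the comment and literal handling, and the sample queries are assumptions.

```php
<?php
// Added example, not XOOPS code. validate_query() and its $type values come
// from the post; $custom and the helper logic are assumptions.
function validate_query(string $q, string $type = 'select', array $custom = []): bool
{
    $allowed = [
        'select' => ['SELECT'],
        'update' => ['UPDATE'],
        'drop'   => ['DROP'],
        'custom' => array_map('strtoupper', $custom), // caller-defined keyword list
    ];
    if ($type !== 'all' && !isset($allowed[$type])) {
        return false; // unknown type: fail closed
    }
    // MySQL runs the body of /*! ... */ comments, so never strip them silently.
    if (strpos($q, '/*!') !== false) {
        return false;
    }
    // Blank out string literals and comments in one left-to-right pass so that
    // keywords or semicolons inside data do not affect the checks below.
    $re = '~\'(?:[^\'\\\\]|\\\\.)*\'|"(?:[^"\\\\]|\\\\.)*"|/\*.*?\*/|(?:--\s|\#)[^\n]*~s';
    $s = preg_replace($re, ' ', $q);
    if ($s === null || strpbrk($s, '\'"') !== false) {
        return false; // regex failure or unterminated quote
    }
    $s = rtrim(trim($s), "; \t\r\n"); // trailing semicolons are harmless
    if (strpos($s, ';') !== false) {
        return false; // stacked statements
    }
    if (!preg_match('/^[(\s]*([A-Za-z]+)/', $s, $m)) {
        return false;
    }
    return $type === 'all' || in_array(strtoupper($m[1]), $allowed[$type], true);
}

// Constructed sample queries (table and column names are made up).
$samples = [
    ["SELECT uname FROM users WHERE uid = 1", 'select'],
    ["SELECT 1; DROP TABLE users", 'select'],
    ["SELECT 'a;b' FROM users", 'select'],
    ["/*!50000 DROP TABLE users */ SELECT 1", 'select'],
    ["DELETE FROM users", 'update'],
    ["SELECT uname FROM users WHERE uid = 1 UNION SELECT pass FROM users", 'select'],
];
foreach ($samples as [$q, $type]) {
    printf("%-6s %-7s %s\n", validate_query($q, $type) ? 'allow' : 'reject', $type, $q);
}
```

The last sample is a single SELECT, so a statement-type check accepts it: the flag constrains which kind of statement runs, not what an allowed statement reads, and values placed into the query still need escaping or bound parameters.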