Sanitize Database Query

I am from a Drupal background and am looking for the way concrete5 executes database queries to prevent SQL injection.

// Vulnerable: untrusted POST data is spliced straight into the SQL text
$db->Execute("SELECT firstName FROM friends WHERE sex = '" . $_POST['sex'] . "'");

Obviously what I have at the moment is very poor; what is the way to generate dynamic queries the Concrete5 way?

ScottC replied:
// Bound parameter: ADOdb substitutes the '?' placeholder with the value in the array
$db->Execute('SELECT firstName FROM friends WHERE sex = ?', array($sex));

Before that I would look for valid, erhm, inputs for sex, and throw away any input that doesn't match via an in_array method.
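The two steps in that answer (whitelist the value, then bind it) put together, as an added example that is not code from the thread. It assumes concrete5 5.x, where Loader::db() returns the ADOdb connection; the function name friendsBySex and the allowed-value list are constructed for the example.

```php
<?php
// Added example: reject unexpected input first, then pass the value as a
// bound parameter so ADOdb never splices it into the SQL string.
// Assumption: concrete5 5.x, where Loader::db() hands back the ADOdb connection.

// Constructed whitelist of values the column is expected to hold.
$allowedSex = array('male', 'female');

/**
 * Return the firstName column for friends matching $input.
 * Unexpected input yields an empty result instead of a "cleaned" guess.
 */
function friendsBySex($db, $input, array $allowed) {
    // Step 1: whitelist. Strict comparison avoids loose-typing surprises
    // (e.g. non-string input compared against the string list).
    if (!is_string($input) || !in_array($input, $allowed, true)) {
        return array();
    }
    // Step 2: bind. GetCol() runs the statement with the '?' placeholder
    // filled from the input array and returns the first column as a list.
    return $db->GetCol(
        'SELECT firstName FROM friends WHERE sex = ?',
        array($input)
    );
}

$db = Loader::db();
$sex = isset($_POST['sex']) ? $_POST['sex'] : '';
$names = friendsBySex($db, $sex, $allowedSex);
```

Even with the whitelist in place, keep the placeholder: the bind is what protects the query if the allowed list is later widened to free-form values.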
mkly replied:
Concrete5 uses the ADOdb PHP library. It's pretty straightforward. There is some decent documentation here.

http://phplens.com/lens/adodb/docs-adodb.htm...