$sql->db_Insert, db_Update: addslashes?          
Barre
Wed Nov 29 2006, 12:13AM
Registered Member #291
Joined: Wed Jun 04 2003, 07:58AM
Location:
Posts: 50
Hi.
After a couple of years I've decided to go back to e107 and give it a shot :)
And I must say, there's been some changes in the plugin architecture....

Just one question.
If I'm adding and/or updating records in the database using the db class, am I responsible as the plugin writer to escape the strings in order to protect against SQL injections? I quickly browsed through the mysql_handler.php and didn't see anything so I thought I'd better ask the question.

Cheers
bugrain
Wed Nov 29 2006, 05:11AM

Registered Member #22953
Joined: Fri Mar 25 2005, 03:21AM
Location:
Posts: 1031
Welcome back - hopefully you're finding the new architecture better.

There is information on plugin making on the e107 wiki which should help you.

To answer your question, yes, you are responsible for any encoding/decoding. Have a look at the e_parse class, there are functions in that class specifically for this sort of thing.
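
The pattern described in the answer above, as an added example that is not part of the original thread or e107's own code: string values pass through the e_parse object before being placed in the argument given to `db_Insert()` / `db_Update()`. It assumes an e107 0.7-style plugin where the core has already created `$sql` and `$tp`, and that `toDB()` is the e_parse function the answer refers to; the table `myplugin_notes`, its columns and the form field names are hypothetical.

```php
<?php
// Added example. Assumes it runs inside an e107 0.7 plugin, where the core has
// already created $sql (db class) and $tp (e_parse class).
// Table "myplugin_notes" and the note_* names are hypothetical.
if (!defined('e107_INIT')) { exit; }

global $sql, $tp;

// Raw request values: never place these in the query argument directly.
$title  = isset($_POST['note_title']) ? $_POST['note_title'] : '';
$body   = isset($_POST['note_body'])  ? $_POST['note_body']  : '';

// Numeric values are cast rather than quoted, so nothing but an integer
// can reach the WHERE clause.
$noteId = isset($_POST['note_id']) ? intval($_POST['note_id']) : 0;

// String values go through e_parse first. Per the answer above, the db class
// does not do this for the plugin writer.
$title = $tp->toDB($title);
$body  = $tp->toDB($body);

if ($noteId > 0) {
    // Update an existing row; only encoded strings and a cast integer are interpolated.
    $sql->db_Update(
        'myplugin_notes',
        "note_title='{$title}', note_body='{$body}' WHERE note_id={$noteId}"
    );
} else {
    // Insert a new row; the leading 0 leaves the auto-increment id to the database.
    $sql->db_Insert(
        'myplugin_notes',
        "0, '{$title}', '{$body}', " . time()
    );
}
```
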
Barre
Wed Nov 29 2006, 05:16AM
Registered Member #291
Joined: Wed Jun 04 2003, 07:58AM
Location:
Posts: 50
Thanks for a quick reply..
I looked at the wiki page, ....

I think the e_parse_class is what I'm looking for..

Cheers

[ Edited Wed Nov 29 2006, 05:21AM ]
Barre
Wed Nov 29 2006, 05:16AM
Registered Member #291
Joined: Wed Jun 04 2003, 07:58AM
Location:
Posts: 50
ooops... double post

[ Edited Wed Nov 29 2006, 05:22AM ]