$sql->db_Insert, db_Update: addslashes?

Barre:
Hi. After a couple of years I've decided to go back to e107 and give it a shot :) And I must say, there's been some changes in the plugin architecture.... Just one question. If I'm adding and/or updating records in the database using the db class, am I responsible as the plugin writer to escape the strings in order to protect against SQL injections? I quickly browsed through the mysql_handler.php and didn't see anything, so I thought I'd better ask the question. Cheers

bugrain (Registered Member #22953, Joined: Fri Mar 25 2005, 03:21AM, Posts: 1031):
Welcome back - hopefully you're finding the new architecture better. There is information on plugin making on the e107 wiki which should help you. To answer your question, yes, you are responsible for any encoding/decoding. Have a look at the e_parse class; there are functions in that class specifically for this sort of thing.

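Added example, not part of the thread and not e107 code: a stand-alone PHP sketch of what goes wrong when the caller does not escape. `build_insert()` is a hypothetical stand-in for a db call that pastes the caller's value list into the statement, the table name `myplugin_notes` and the inputs are constructed, and `addslashes()` (from the thread title) stands in for the e_parse functions the reply points to.

```php
<?php
// Hypothetical stand-in for the string form of an insert call: the caller's
// value list is pasted into the statement as-is (assumption for illustration).
function build_insert($table, $values) {
    return "INSERT INTO {$table} VALUES ({$values})";
}

// Count top-level values in a VALUES list, honouring backslash-escaped quotes.
// Returns -1 when a string literal is left unterminated.
function count_values($list) {
    $count = 1;
    $inString = false;
    $len = strlen($list);
    for ($i = 0; $i < $len; $i++) {
        $c = $list[$i];
        if ($inString) {
            if ($c === '\\') {
                $i++;                       // skip the escaped character
            } elseif ($c === "'") {
                $inString = false;
            }
        } elseif ($c === "'") {
            $inString = true;
        } elseif ($c === ',') {
            $count++;
        }
    }
    return $inString ? -1 : $count;
}

// Constructed form inputs: an ordinary surname, and a value carrying a quote and a comma.
$inputs = array("O'Brien", "x', 'y");

foreach ($inputs as $input) {
    $raw     = "0, '" . $input . "'";              // what an unescaped plugin would pass
    $escaped = "0, '" . addslashes($input) . "'";  // escaped before it reaches the query
    echo build_insert('myplugin_notes', $raw), "\n";
    echo "  raw:     ", count_values($raw), " values\n";
    echo build_insert('myplugin_notes', $escaped), "\n";
    echo "  escaped: ", count_values($escaped), " values\n";
}
```

The table is meant to receive two values per row; a count other than 2 (or -1 for an unterminated string) means the input changed the statement's structure. `addslashes()` is used only because it needs no database connection; with a live connection the driver's own escaping function or bound parameters are the stronger choice.
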
Barre (Registered Member #291, Joined: Wed Jun 04 2003, 07:58AM, Posts: 50):
Thanks for a quick reply.. I looked at the wiki page, .... I think the e_parse_class is what I'm looking for.. Cheers [ Edited Wed Nov 29 2006, 05:21AM ]

Barre (Registered Member #291, Joined: Wed Jun 04 2003, 07:58AM, Posts: 50):
ooops... double post [ Edited Wed Nov 29 2006, 05:22AM ]