phpwcms Support Forum

The phpwcms support forum will help to find answers to your questions. The small but strong community is here since more than 10 years.
https://forum.phpwcms.org/

Database escape

https://forum.phpwcms.org/viewtopic.php?t=17474

Page 1 of 1

Database escape

Posted: Wed 9. Jul 2008, 13:39
by johan_further
I have designed a form that is supposed to post data that will be parsed and then inserted into the PHPWCMS database. What would be the the preferred way of escaping this data to avoid SQL-insertion issues? Are there already preferred functions in PHPWCMS that I should call to do this or should I use standard methods in PHP?

Re: Database escape

Posted: Mon 21. Jul 2008, 21:08
by Oliver Georgi
Use DB Wrapper functions of phpwcms (search for dbQuery) and also use clean_slweg() and/or slweg() to retrieve all POST values.

There is also a function xss_clean(). Have a look at some of the samples inside the system.


Oliver
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited