Database escape


Post by johan_further » Wed 9. Jul 2008, 13:39

I have designed a form that is supposed to post data that will be parsed and then inserted into the PHPWCMS database. What would be the preferred way of escaping this data to avoid SQL-insertion issues? Are there already preferred functions in PHPWCMS that I should call to do this or should I use standard methods in PHP?


Re: Database escape

Post by Oliver Georgi » Mon 21. Jul 2008, 21:08

Use DB Wrapper functions of phpwcms (search for dbQuery) and also use clean_slweg() and/or slweg() to retrieve all POST values.

There is also a function xss_clean(). Have a look at some of the samples inside the system.


Oliver
Oliver Georgi | phpwcms Developer
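
As an added example (not part of the thread and not phpwcms code), here is the "standard methods in PHP" route the question asks about: posted form fields validated against a whitelist and inserted with a PDO prepared statement. The table `form_entries`, the field list and the sample input are hypothetical, and an in-memory SQLite database stands in for the phpwcms database; phpwcms's own dbQuery wrappers are not used because the thread does not show their signatures.

```php
<?php
declare(strict_types=1);

// Hypothetical field whitelist: allowed POST field => maximum length in bytes.
const FIELDS = ['name' => 100, 'comment' => 500];

function insert_form_row(PDO $db, array $post): int
{
    $row = [];
    foreach (FIELDS as $field => $maxLen) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {            // e.g. name[]=x arrives as an array
            throw new InvalidArgumentException("$field must be a string");
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > $maxLen) {
            throw new InvalidArgumentException("$field is empty or too long");
        }
        $row[$field] = $value;               // fields not in FIELDS are dropped
    }
    // Placeholders keep the values out of the SQL text entirely, so the data
    // needs no quoting or escaping and cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO form_entries (name, comment) VALUES (:name, :comment)'
    );
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

// In-memory SQLite stands in for the real database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_entries (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');

// Constructed sample input: values containing quotes and SQL syntax.
$post = [
    'name'    => "O'Brien",
    'comment' => "x'); DROP TABLE form_entries; --",
    'extra'   => 'not whitelisted',
];
$id = insert_form_row($db, $post);

// Read the row back: the values are stored byte for byte as submitted.
$check = $db->prepare('SELECT name, comment FROM form_entries WHERE id = ?');
$check->execute([$id]);
echo json_encode($check->fetch(PDO::FETCH_ASSOC)), PHP_EOL;
```

Because the stored text is unchanged, it still has to be encoded for HTML when it is displayed; the prepared statement only protects the query.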

