PHP Classes

This class has some moderate security and fatal errors.

Recommend this page to a friend!

      SQLite and MySQL  >  All threads  >  This class has some moderate...  >  (Un) Subscribe thread alerts  
Subject:This class has some moderate...
Summary:Package rating comment
Author:Artur Graniszewski
Date:2010-08-25 09:56:31

Artur Graniszewski rated this package as follows:

Utility: Bad
Consistency: Good
Examples: Sufficient

  1. This class has some moderate...   Reply   Report abuse  
Picture of Artur Graniszewski Artur Graniszewski - 2010-08-25 09:56:31
This class has some moderate security and fatal errors.


For example in mysql.php:

// Static functions
static function AddSlashes($string) {

return addslahes($string);


static function StripSlashes($string) {

return stripslahes($string);


1) there is a typo: should be stripslashes() not stripslahes(), and addslashes() not addslahes(). Looks like you haven't tested this before, because this kind of mistake raises E_FATAL error.

2) if you read PHP documentation, addslashes works in MySQL by lucky coincidence and really shouldn't be used in this context. You should use mysql_real_escape_string($sql, $connectionHandler), because its more secure and helps to prevent various SQL injections.

The same applies to SQLite class.

For more information send a message to info at phpclasses dot org.