There is no SQL escaping in this class (so it's insecure and ...


Package: Estoy Database system
Subject: There is no SQL escaping in this...
Summary: Package rating comment
Messages: 2
Author: Artur Graniszewski
Date: 2011-03-23 09:23:49
Update: 2011-03-27 22:34:05
 

Artur Graniszewski rated this package as follows:

Utility: Sufficient
Consistency: Good
Examples: Good

1. There is no SQL escaping in this...
Artur Graniszewski - 2011-03-23 09:23:49
There is no SQL escaping in this class (so it's insecure and vulnerable to all kinds of SQL injection attacks from hackers), but otherwise: job well done!

Add:
* SQL escaping for the values (mysql_escape_string()),
* backtick escaping for the names of the columns,
* try to include CSS styles only once in your error handler if there is more than one error reported per user page.
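
The two escaping points from message 1, as an added example that is not part of the original thread or of the package's code: identifiers are backtick-quoted, and values are kept out of the SQL text with bound placeholders instead of mysql_escape_string() (the old mysql extension was removed in PHP 7). `quoteIdentifier` and `buildInsert` are hypothetical helper names, and the `$pdo` connection in the closing comment is assumed.

```php
<?php
// Added example: hypothetical helpers, not part of the Estoy Database class.

// Quote a MySQL identifier: wrap it in backticks and double any embedded
// backtick so the name cannot terminate the quoting early.
function quoteIdentifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build an INSERT with quoted identifiers and one placeholder per value.
// Values never enter the SQL text; they are returned separately for binding.
function buildInsert(string $table, array $row): array
{
    if ($row === []) {
        throw new InvalidArgumentException('No columns given');
    }
    $columns = array_map('quoteIdentifier', array_keys($row));
    $marks   = array_fill(0, count($row), '?');
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        quoteIdentifier($table),
        implode(', ', $columns),
        implode(', ', $marks)
    );
    return [$sql, array_values($row)];
}

// Constructed sample input: a value containing a quote and a column name
// containing a backtick.
[$sql, $params] = buildInsert('users', [
    'name'  => "O'Brien",
    'no`te' => 'x',
]);
echo $sql, PHP_EOL;

// With a live connection (assumed: $pdo = new PDO('mysql:...')):
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
```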

2. Re: There is no SQL escaping in this...
Amr Alaa - 2011-03-27 22:34:05 - In reply to message 1 from Artur Graniszewski
Thank you for your comment, but there are some points that should be clarified:
1 - You can use the programmer (mysql_escape_string()) according to his needs
2 - The error appears on the display by the number of errors made in the case of variable $Exit = false
And you cannot view the final errors
Greetings to you ...