[Solved] How to prevent sql injection

jeverd01
Forum Members
Posts: 20
Joined: Thu May 20, 2010 2:00 am

[Solved] How to prevent sql injection

Post by jeverd01 »

Is there a class / method to sanitize sql. Should I sanitize everything that is passed in the admin panel as params, or is this somehow handled by cmsms automatically?

Also any tips on how to read the API docs would be appreciated. I can't seem to find anything I am looking for! :-[
Last edited by jeverd01 on Mon Feb 14, 2011 3:18 am, edited 1 time in total.
jeverd01
Forum Members
Posts: 20
Joined: Thu May 20, 2010 2:00 am

Re: How to prevent sql injection

Post by jeverd01 »

I see that adodb lite is used. Does this sanitize data when execute is run? I can't seem to find the answer to this in the docs.
Wishbone
Power Poster
Posts: 1368
Joined: Tue Dec 23, 2008 8:39 pm

Re: How to prevent sql injection

Post by Wishbone »

Look at an existing module's <module>.module.php. Look at the SetParameters() function. This allows you to restrict which parameters are used, and tell CMSMS the type, i.e. CLEAN_INT, CLEAN_STRING. If the parameter doesn't match your criteria, it will be removed.
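To make the two points in this thread concrete (the parameter typing Wishbone describes, and the question of whether adodb lite protects the query on execute), here is an added example of a minimal CMSMS-style module. It is not code from any poster in this thread or from the CMSMS project. It assumes the CMSModule base class, the CLEAN_INT/CLEAN_STRING constants, SetParameterType(), RestrictUnknownParams(), cms_db_prefix(), cmsms()->GetDb() and the ADOdb-style GetArray($sql, $bind) call with `?` placeholders; the module name, table name and parameter names are made up for the example.

```php
<?php
// Added example, not the project's own code. Assumes the CMSMS/adodb-lite
// APIs named in the lead-in; ExampleArticles, module_example_articles,
// article_id and search are invented for illustration.

class ExampleArticles extends CMSModule
{
    public function GetName()    { return 'ExampleArticles'; }
    public function GetVersion() { return '0.1'; }

    public function SetParameters()
    {
        // Drop any request parameter this module did not declare.
        $this->RestrictUnknownParams();

        // Declare the type of each accepted parameter. A value that cannot
        // be coerced to that type is removed before DoAction() sees it.
        $this->SetParameterType('article_id', CLEAN_INT);
        $this->SetParameterType('search',     CLEAN_STRING);
    }

    public function DoAction($action, $id, $params, $returnid = -1)
    {
        if ($action !== 'default') {
            return;
        }
        $db = cmsms()->GetDb();

        // Unsafe pattern: splicing the value into the SQL text. CLEAN_STRING
        // only guarantees a string; a quote inside it still becomes part of
        // the statement, so the driver cannot tell data from query.
        //
        // $sql = "SELECT id, title FROM " . cms_db_prefix() . "module_example_articles"
        //      . " WHERE title LIKE '%" . $params['search'] . "%'";

        // Safe pattern: '?' placeholders plus a bind array. The driver quotes
        // or binds each value, so the data can never alter the statement.
        $sql  = 'SELECT id, title FROM ' . cms_db_prefix()
              . 'module_example_articles WHERE 1 = 1';
        $bind = array();

        if (isset($params['article_id'])) {
            $sql   .= ' AND id = ?';
            $bind[] = (int) $params['article_id'];   // already CLEAN_INT; cast is belt-and-braces
        }
        if (!empty($params['search'])) {
            $sql   .= ' AND title LIKE ?';
            $bind[] = '%' . $params['search'] . '%'; // wildcards go in the bound value, not the SQL
        }
        $sql .= ' ORDER BY title';

        $rows = $db->GetArray($sql, $bind);   // same binding form as $db->Execute($sql, $bind)
        if ($rows === false) {
            echo '<p>Query failed.</p>';
            return;
        }

        // Escape on output too: SQL binding stops injection into the
        // database, not into the HTML the module emits.
        echo '<ul>';
        foreach ($rows as $row) {
            echo '<li>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul>';
    }
}
```

The type declarations in SetParameters() and the placeholders in the query are doing different jobs: the first decides which parameters reach the action at all and in what shape, the second keeps whatever does reach it from being interpreted as SQL. Neither one replaces the other, and adodb lite only applies the escaping when the values are passed through the bind array rather than concatenated into the string.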