[Solved] How to prevent sql injection

Posted: Mon Feb 14, 2011 12:59 am
by jeverd01
Is there a class / method to sanitize SQL? Should I sanitize everything that is passed in the admin panel as params, or is this somehow handled by CMSMS automatically?

Also, any tips on how to read the API docs would be appreciated. I can't seem to find anything I am looking for! :-[

Re: How to prevent sql injection

Posted: Mon Feb 14, 2011 1:20 am
by jeverd01
I see that ADOdb Lite is used. Does this sanitize data when Execute() is run? I can't seem to find the answer to this in the docs.

Re: How to prevent sql injection

Posted: Mon Feb 14, 2011 2:01 am
by Wishbone
Look at an existing module's <module>.module.php. Look at the SetParameters() function. This allows you to restrict which parameters are used, and tell CMSMS the type, e.g. CLEAN_INT or CLEAN_STRING. If the parameter doesn't match your criteria, it will be removed.
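An added example to illustrate the two halves of the answer, written for this page and not taken from the thread or from the CMSMS project itself. It assumes a hypothetical module "MyModule" with a table "module_mymodule_items", the CMSMS 1.x module API as Wishbone describes it (a SetParameters() method calling SetParameterType() with CLEAN_INT / CLEAN_STRING), and ADOdb-style Execute()/GetArray()/GetRow() calls that take the SQL text and a separate array of values for "?" placeholders. Check the method names against your own CMSMS version before copying. The point it makes beyond the post: typing a parameter with CLEAN_STRING does not make it safe to concatenate into SQL; only passing values through the placeholder array keeps a quote in the input from changing the query's structure.

```php
<?php
// Added example (not CMSMS project code). Names marked "hypothetical"
// are assumptions made for illustration.
class MyModule extends CMSModule            // hypothetical module
{
    // Declare which parameters this module accepts and their types.
    // CMSMS drops any incoming parameter that fails the declared type,
    // so 'item_id' arrives as an integer or not at all.
    function SetParameters()
    {
        $this->SetParameterType('item_id', CLEAN_INT);
        $this->SetParameterType('search',  CLEAN_STRING);
    }

    // VULNERABLE: $search is CLEAN_STRING, which only guarantees it is a
    // string. A value such as  x%' OR '1'='1  still rewrites the WHERE.
    function FindItemsUnsafe($search)
    {
        $db = cmsms()->GetDb();
        $query = "SELECT id, title FROM " . cms_db_prefix() . "module_mymodule_items"
               . " WHERE title LIKE '%" . $search . "%'";      // string concatenation
        return $db->GetArray($query);
    }

    // SAFE: the value travels in the input array, never in the SQL text.
    // The driver binds (or escapes) it for you; the query shape is fixed.
    function FindItemsSafe($search)
    {
        $db = cmsms()->GetDb();
        $query = "SELECT id, title FROM " . cms_db_prefix() . "module_mymodule_items"
               . " WHERE title LIKE ?";
        return $db->GetArray($query, array('%' . $search . '%'));
    }

    // Same pattern for an integer key. The cast is belt-and-braces on top
    // of CLEAN_INT; the placeholder is what actually prevents injection.
    function GetItem($item_id)
    {
        $db = cmsms()->GetDb();
        $query = "SELECT id, title FROM " . cms_db_prefix() . "module_mymodule_items"
               . " WHERE id = ?";
        return $db->GetRow($query, array((int)$item_id));
    }
}
```

Usage note: treat every value that reaches SQL, including admin-panel parameters, as untrusted and pass it through the placeholder array; the parameter typing in SetParameters() is a useful first filter but not a substitute for it. If a query needs a dynamic column or table name, which placeholders cannot express, map the user's choice onto a fixed whitelist in PHP rather than interpolating it.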