SQL Query security?
rockinaway
09-22-2008, 06:22 PM
Which security checks should I do before using a query_write?
I have some form data that I need to insert into the DB. Is this handled by vB?
King Kovifor
09-22-2008, 06:39 PM
Moving to correct forum but,
https://vborg.vbsupport.ru/showthread.php?t=154411
Read that thread.
Guest190829
09-22-2008, 06:40 PM
You need to be a little more specific. If you are writing the query to insert the data, it is your job to sanitize all the variables before doing so.
All strings must be escaped with $vbulletin->_db->escape_string() [I think that is the function name IIRC]. Before doing that though, you need to use vBulletin's input cleaner to sanitize the vars:
See Create Secure Mods (https://vborg.vbsupport.ru/showthread.php?t=154411) article for more info.
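The two steps this reply describes (type-clean the input, then escape strings before `query_write`), as an added example that is not part of the original post. It assumes a vBulletin 3.x script that has already included `global.php` and uses the stock property name `$vbulletin->db`; the table `mymod_entry` and the form fields are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes vBulletin 3.x with
// global.php already loaded, so $vbulletin, its input cleaner and its
// database object exist. Table and field names are hypothetical.

// Unsafe form, shown for contrast only: raw request data in the SQL string.
//   $vbulletin->db->query_write(
//       "INSERT INTO mymod_entry (title) VALUES ('" . $_POST['title'] . "')");

// Step 1: declare the expected type of every POST field. Only fields
// listed here are copied, type-cast, into $vbulletin->GPC.
$vbulletin->input->clean_array_gpc('p', array(
    'title'    => TYPE_NOHTML, // trimmed string, HTML special chars encoded
    'body'     => TYPE_STR,    // trimmed string, HTML left as typed
    'priority' => TYPE_UINT,   // unsigned integer
));

// Type cleaning is not SQL escaping: a TYPE_STR or TYPE_NOHTML value can
// still contain quotes and backslashes.

// Step 2: escape every string for the database connection in use.
$title = $vbulletin->db->escape_string($vbulletin->GPC['title']);
$body  = $vbulletin->db->escape_string($vbulletin->GPC['body']);

// Integers are not quoted in the query, so escape_string() would not
// protect them. They are safe here only because TYPE_UINT cast them.
$priority = $vbulletin->GPC['priority'];
$userid   = intval($vbulletin->userinfo['userid']);

// Step 3: build the write query. Escaped strings always sit inside
// single quotes; numeric values are already integers.
$vbulletin->db->query_write("
    INSERT INTO " . TABLE_PREFIX . "mymod_entry
        (userid, title, body, priority, dateline)
    VALUES
        ($userid, '$title', '$body', $priority, " . TIMENOW . ")
");

// 'body' was stored as typed (TYPE_STR), so it must be HTML-encoded
// when it is later printed into a page.
```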