The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
is this code safe from sql injections?
I am new to coding vbulletin so I don't know the functions as such.
PHP Code:
|
#2
|
||||
|
||||
Yes it is safe from SQL injections.
However, you will get a compile error as there is a missing comma after the first TYPE_STR. Furthermore, if you store data this way, you must make sure to run it through the parser or htmlspecialchars_uni() before displaying it - otherwise you open Cross Site Scripting (XSS) leaks. If you don't need raw data in the table, you can store HTML safe strings by using data verification type TYPE_NOHTML instead. |
#3
|
|||
|
|||
I am getting a sql error
Here's the php PHP Code:
Code:
UPDATE testimonials SET name = 'erg4ewg', email = 'ewgwgew', text = 'gewgewrg <b>egeg</b>', WHERE testid = 1; MySQL Error : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE testid = 1' at line 5 Error Number : 1064 |
#4
|
||||
|
||||
The last comma (before WHERE) is wrong.
|
#5
|
|||
|
|||
Wow I can't believe I missed that.
I think I'm done with the editing, do I give it to you to review or just re-upload the zip and send out an update? |
#6
|
|||
|
|||
Just re-upload the zip and send out an update.
|
#7
|
|||
|
|||
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|