CodeCharge Studio

YesSoftware Forums -> CodeCharge Studio -> PHP

 CCGetParam Sanitized?

Author Message
sosamv

Posts: 50
Posted: 01/19/2009, 2:22 PM

Is CCGetParam safe against code injection?

Example:

$db->query("select * from tblcars where ID_Car =".CCGetParam("ID_Car",""));

Thanks
sosamv

Posts: 50
Posted: 01/20/2009, 3:45 PM

anyone? hehe
damian

Posts: 838
Posted: 01/20/2009, 8:01 PM

you've seen how others have done their testing....

_________________
if you found this post useful take the time to help someone else.... :)
sosamv

Posts: 50
Posted: 01/21/2009, 10:02 AM

No, I have not, what do you mean?
n0000spam

Posts: 15
Posted: 02/03/2009, 6:21 AM

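// Returns the POST value after CCStrip(), or the default; nothing here escapes or type-checks it.
function CCGetFromPost($parameter_name, $default_value = "")
{
    return isset($_POST[$parameter_name]) ? CCStrip($_POST[$parameter_name]) : $default_value;
}

// Only removes the backslashes added by magic_quotes_gpc; it does no SQL escaping.
function CCStrip($value)
{
    if (get_magic_quotes_gpc() != 0)
    {
        if (is_array($value))
            foreach ($value as $key => $val)
                $value[$key] = stripslashes($val);
        else
            $value = stripslashes($value);
    }
    return $value;
}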

Using the $db->ToSQL() function is better.
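The question's query with the parameter concatenated, next to a validated and bound version, as an added example that is not part of the original posts or of CodeCharge Studio's code. It runs against an in-memory SQLite table through PDO instead of the CodeCharge $db object; raw_param, find_car_concat, find_car_bound and the table contents are assumptions made for the illustration.

```php
<?php
// Hypothetical stand-in for the posted CCGetFromPost/CCStrip pair: the request
// value comes back unchanged (magic quotes no longer exist in current PHP).
function raw_param(array $request, string $name, string $default = ""): string
{
    return isset($request[$name]) ? (string)$request[$name] : $default;
}

// Constructed table mirroring the question's tblcars.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tblcars (ID_Car INTEGER PRIMARY KEY, model TEXT)");
$pdo->exec("INSERT INTO tblcars (model) VALUES ('A'), ('B'), ('C')");

// "Before": the question's pattern, value concatenated into the statement.
function find_car_concat(PDO $pdo, array $request): array
{
    $sql = "select * from tblcars where ID_Car =" . raw_param($request, "ID_Car");
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": reject anything that is not an integer, then bind it as a parameter.
function find_car_bound(PDO $pdo, array $request): array
{
    $id = filter_var(raw_param($request, "ID_Car"), FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // not an integer: no query is run
    }
    $stmt = $pdo->prepare("select * from tblcars where ID_Car = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal ID, a value carrying SQL syntax, a missing value.
$inputs = [['ID_Car' => '2'], ['ID_Car' => '2 OR 1=1'], []];
foreach ($inputs as $request) {
    $label = var_export($request['ID_Car'] ?? null, true);
    try {
        $concat = count(find_car_concat($pdo, $request));
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $bound = count(find_car_bound($pdo, $request));
    echo "ID_Car=$label concat rows: $concat, bound rows: $bound\n";
}
```

The concatenated query's row count changes with the text of the parameter, while the bound version only ever matches on a validated integer.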
