| Subject: | There is no SQL escaping in this... |  
| Summary: | Package rating comment |  
| Messages: | 2 |  
| Author: | Artur Graniszewski |  
| Date: | 2011-03-23 09:23:49 |  
| Update: | 2011-03-27 22:34:05 |  
Artur Graniszewski rated this package as follows:
| Utility:  | Sufficient | 
| Consistency:  | Good | 
| Examples:  | Good | 
  Artur Graniszewski - 2011-03-23 09:23:49  
There is no SQL escaping in this class (so it's insecure and vulnerable to all kinds of SQL injection attacks from the hackers), but otherwise: job well done! 
 
Add: 
* SQL escaping for the values (mysql_escape_string()),  
* backtick escaping for name of the columns,  
* try to include CSS styles only once in your error handler if there is more than one error reported per user page. 
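
The first two suggestions above, as an added example that is not part of the original comment or of the reviewed package: column and table names are backtick-quoted, and values are sent as bound parameters, used here in place of `mysql_escape_string()`, which no longer exists as of PHP 7. The helper names `quote_identifier()` and `build_insert()`, the `users` table and the sample row are assumptions made for illustration.

```php
<?php
// Added example: quote_identifier() and build_insert() are hypothetical helpers,
// not functions from the reviewed package.

// Quote a MySQL identifier (table or column name) with backticks.
function quote_identifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    // Inside a backtick-quoted identifier, a literal backtick is written twice.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build an INSERT whose identifiers are quoted and whose values are placeholders.
// Returns [sql, params] for PDO::prepare() / PDOStatement::execute().
function build_insert(string $table, array $row): array
{
    if ($row === []) {
        throw new InvalidArgumentException('Nothing to insert');
    }
    $columns = [];
    foreach (array_keys($row) as $column) {
        $columns[] = quote_identifier((string) $column);
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        quote_identifier($table),
        implode(', ', $columns),
        implode(', ', array_fill(0, count($row), '?'))
    );
    return [$sql, array_values($row)];
}

// Constructed sample input: a column name containing a backtick and a value
// containing a quote, neither of which may change the statement's structure.
[$sql, $params] = build_insert('users', [
    'name'      => "O'Brien",
    'odd`field' => 'x',
]);

echo $sql, PHP_EOL;
// With an existing PDO connection $pdo (assumed, not created here):
// $pdo->prepare($sql)->execute($params);
```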
  
  Amr Alaa - 2011-03-27 22:34:05 -  In reply to message 1 from Artur Graniszewski 
Thank you for your comment, but there are some points that should be clarified:
1 - You can use the programmer (mysql_escape_string()) according to his needs
2 - The error appears on the display by the number of errors made in the case of variable $Exit = false
And you cannot view the final errors
Greetings to you ...
  