Subject: There is no SQL escaping methods,...
Summary: Package rating comment
Messages: 6
Author: Artur Graniszewski
Date: 2011-02-27 17:06:15
Update: 2012-02-08 03:39:25
Artur Graniszewski rated this package as follows:
Utility: Insufficient
Consistency: Good
Artur Graniszewski - 2011-02-27 17:06:22
There are no SQL escaping methods, nor PDO data binding methods.
Good job with the compatibility across various databases (method to get the latest ID, etc.). Maybe you should add SHOW TABLES and SHOW DATABASES equivalents?
Evert Ulises German Soto - 2011-02-27 23:09:54 - In reply to message 1 from Artur Graniszewski
Ok Artur, in the next version you will see and use the functions that you commented on. Thanks for your comment.
Evert Ulises German Soto - 2011-10-14 16:34:25 - In reply to message 1 from Artur Graniszewski
Hi Artur, just to notify you, the class has been updated. Today it includes one method for secure statements, binding the params. I hope that you like the changes.
Ignacio Colautti - 2012-01-25 14:58:25 - In reply to message 3 from Evert Ulises German Soto
If you bindParam an email, or anything with a @, you're doomed.
$email = $_POST["email"]; // "desarrollo@innatia.com";
$params = array(":email@".$email."@STR");
$rows = $this->db->query_secure("SELECT password FROM usuarios WHERE email = :email LIMIT 1;", $params, true);
How can you escape it?
Ignacio Colautti - 2012-02-07 15:15:41 - In reply to message 4 from Ignacio Colautti
I changed the separator to [[@]].
But now I have another problem :)
rowcount() doesn't work with query_secure's queries.
Any ideas without using PHP count()?
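An added example, not the package's own code, modelling the two problems raised in messages 4 and 5: a hypothetical parser for the ":name@value@TYPE" parameter format shows why a value containing "@" is ambiguous, and a PDO prepared statement shows the form in which values never share a string with the SQL, so no separator and no hand escaping are needed. parseParamSpec, findPasswordHash and countByEmail are assumed names, and the snippet assumes the pdo_sqlite extension is available.

```php
<?php
// Hypothetical reconstruction of a separator-based parameter parser
// (assumption: the format is ":name@value@TYPE", as seen in message 4).
function parseParamSpec(string $spec): ?array {
    $parts = explode('@', $spec);
    if (count($parts) !== 3) {
        // The value itself contained '@', so the split is ambiguous.
        return null;
    }
    return ['name' => $parts[0], 'value' => $parts[1], 'type' => $parts[2]];
}

// Constructed sample inputs: an email splits into four parts and fails.
var_dump(parseParamSpec(':email@user@example.com@STR')); // NULL
var_dump(parseParamSpec(':id@42@INT'));                  // name/value/type

// Hardened form: PDO named placeholder with bindValue. The value is sent
// separately from the SQL text, so '@' (or a quote) in it needs no escaping.
function findPasswordHash(PDO $db, string $email): ?string {
    $stmt = $db->prepare(
        'SELECT password FROM usuarios WHERE email = :email LIMIT 1'
    );
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['password'];
}

// PDOStatement::rowCount() is not guaranteed for SELECT on every driver,
// so ask the database to count instead of relying on it or on PHP count().
function countByEmail(PDO $db, string $email): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM usuarios WHERE email = :email');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed in-memory table to exercise the functions offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (email TEXT, password TEXT)');
$db->exec("INSERT INTO usuarios VALUES ('user@example.com', 'hash-placeholder')");

var_dump(findPasswordHash($db, 'user@example.com'));  // "hash-placeholder"
var_dump(findPasswordHash($db, "x@example.com' OR 1=1 --")); // NULL, no match
var_dump(countByEmail($db, 'user@example.com'));      // int(1)
```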
Evert Ulises German Soto - 2012-02-08 03:39:25 - In reply to message 5 from Ignacio Colautti
Hi Ignacio, give me a lot of time for testing the class and modifying it for better functionality...