Hi ooxi,

2013/4/4 ooxi <[email protected]>
> How do you prevent SQL injections with OXID eShop? I wanted to look up the
> documentation on adodblite.sf.net, but the site tells me it could not
> connect to the database :D
>
> I know that adodblite provides some kind of auto-escaping mechanism for
> inserts, but I do not know how to use it in combination with
> oxList::selectString.
Usually I use the "$aParams" argument of oxLegacyDb::getOne, getAll, execute etc. These params are used to replace the "?" wildcards in the query and are escaped automatically ... but I know of no automatic way for oxList::selectString. I wrap my parts for selectString with ->quote() as well.

Regards,
Björn
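The two approaches Björn describes, side by side, as an added example that is not part of the original mailing-list thread. It assumes the OXID eShop 4.x API as I know it: `oxDb::getDb()` returns the oxLegacyDb object whose `getOne()`/`getAll()`/`execute()` accept a `$aParams` array for the `?` wildcards and which offers `quote()`, `oxNew('oxList')` plus `init('oxArticle')` builds a list, and `oxList::selectString()` takes a finished SQL string only. The table, column names and request parameter are constructed for illustration.

```php
<?php
// Added example, not code from the thread or from OXID itself.
// Assumption: OXID eShop 4.x core API (oxDb, oxLegacyDb, oxList, oxNew).
$sUserInput = isset($_GET['oxid']) ? $_GET['oxid'] : '';  // attacker-controlled
$oDb = oxDb::getDb();

// 1) Unsafe "before": raw interpolation. A quote character in $sUserInput
//    ends the string literal and the rest is parsed as SQL. Kept as a comment
//    only to show what the two safe forms below replace.
// $sSql = "SELECT OXTITLE FROM oxarticles WHERE OXID = '" . $sUserInput . "'";

// 2) Parameterised: each "?" is filled from $aParams and escaped by the
//    database layer, so the value can never change the query structure.
$sTitle = $oDb->getOne(
    "SELECT OXTITLE FROM oxarticles WHERE OXID = ?",
    array($sUserInput)
);

// Several wildcards are bound positionally, in array order.
$aRows = $oDb->getAll(
    "SELECT OXID, OXTITLE FROM oxarticles WHERE OXPARENTID = ? AND OXACTIVE = ?",
    array($sUserInput, 1)
);

// 3) oxList::selectString() only takes a complete SQL string, so every
//    user-supplied value has to be wrapped with quote() before it is
//    concatenated. quote() escapes the value and adds the surrounding quotes.
$oList = oxNew('oxList');
$oList->init('oxArticle');
$sSql = "SELECT * FROM oxarticles WHERE OXID = " . $oDb->quote($sUserInput);
$oList->selectString($sSql);
```

One caveat that goes beyond the thread: `quote()` (like the `?` binding) only protects positions where the database expects a string literal. A user-controlled column name, sort direction or LIMIT value cannot be quoted into safety; for those, compare the input against a fixed allowlist and only ever concatenate the allowlisted constant.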
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
