I'm working on a database class of my own. I've got the following method:
/**
 * query() performs a query on the selected database
 */
function query($dbQuery)
{
    // Only accept a string; anything else aborts the script.
    if (is_string($dbQuery))
        $this->dbQuery = $dbQuery;
    else
        die("The submitted query isn't a string");

    // Run the query; on failure abort with the MySQL error message.
    $this->queryResult = mysql_query($this->dbQuery)
        or die("Couldn't perform the query: " . mysql_error());
}

In the best of all worlds, variables that are part of the query string have been validated before going into the query. But if I sometimes forget to verify that user input doesn't contain dangerous code, I want to add some validating mechanism into the method above as well.

$dbQuery will be a query string like "INSERT INTO $article_table SET a_header = '$a_header'". Is there anything I can do, inside the method, to increase security?
-- anders thoresson
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
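The approach a defender would suggest for the method above, as an added example that is not the poster's code: rather than trying to validate an already-assembled query string, keep the SQL separate from the values and let PDO prepared statements bind them (PDO on PHP 7.4+ is assumed; the DSN, credentials and sample values are constructed placeholders).

```php
<?php
// Added example, not the poster's code. A query that already has values
// pasted into it cannot be validated reliably, so the method instead takes
// the SQL template and the values separately and lets the driver bind them.
// Assumes PHP 7.4+ with PDO; DSN, credentials and sample values are
// constructed placeholders.
class Db
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        // Report failures as exceptions instead of returning false.
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Use server-side prepared statements, not client-side emulation.
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    }

    /**
     * $sql holds only literal SQL and '?' placeholders; every value that may
     * come from user input goes in $params and is bound by the driver, so it
     * is always treated as data and never parsed as SQL.
     */
    public function query(string $sql, array $params = []): PDOStatement
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    // Table/column names cannot be bound, so validate them against a strict
    // pattern (or a fixed allow-list) and backtick-quote them before use.
    public static function identifier(string $name): string
    {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Invalid identifier: $name");
        }
        return "`$name`";
    }
}

// Same statement as "INSERT INTO $article_table SET a_header = '$a_header'",
// with the value bound instead of interpolated (sample values constructed).
$article_table = 'articles';
$a_header      = "O'Reilly's guide";   // the quote no longer breaks the query
$db    = new Db(new PDO('mysql:host=localhost;dbname=example', 'user', 'pass'));
$table = Db::identifier($article_table);
$db->query("INSERT INTO $table SET a_header = ?", [$a_header]);
```

The string check in the original method stays useful as a type guard, but the separation of template and parameters is what removes the need to "validate" values at all.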

