I'm working on a database class of my own. I've got the following method:
    /**
     * query() performs a query on the selected database
     */
    function query($dbQuery)
    {
        if (is_string($dbQuery))
            $this->dbQuery = $dbQuery;
        else
            die("The submitted query isn't a string");

        $this->queryResult = mysql_query($this->dbQuery)
            or die("Couldn't perform the query: " . mysql_error());
    }
In the best of all worlds, variables that are part of the query string have been validated before going into the query. But if I sometimes forget to verify that user input doesn't contain dangerous code, I want to add some validating mechanism into the method above as well.
$dbQuery will be a query string like "INSERT INTO $article_table SET a_header = '$a_header'". Is there anything I can do, inside the method, to increase security?
-- anders thoresson
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
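An added example, not the poster's class, of the mitigation a method like this can enforce: once values have been interpolated into the SQL string there is nothing reliable left to validate, so the method instead takes the SQL with placeholders and the values separately and lets PDO prepared statements keep them apart; table names cannot be bound, so they go through an allow-list. The DSN, credentials and the `articles`/`users` table names are assumed placeholders.

```php
<?php
// Added example, not the original poster's code. Values travel separately
// from the SQL text via PDO prepared statements, so no user data is ever
// spliced into the query the server parses. Identifiers (table names)
// cannot be bound, so they are checked against an allow-list instead.
class Database
{
    private PDO $pdo;
    // Assumed table names; only these may appear as identifiers.
    private const TABLES = ['articles', 'users'];

    public function __construct(string $dsn, string $user, string $pass)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]);
    }

    /** Run $sql with ? placeholders; $params are bound, never interpolated. */
    public function query(string $sql, array $params = []): PDOStatement
    {
        // Fail-closed guardrail for the "I forgot" case: a quote in the SQL
        // text means a literal was concatenated in instead of passed via
        // $params. Heuristic, but it forces all literals into parameters.
        if (strpbrk($sql, "'\"") !== false) {
            throw new InvalidArgumentException('Pass values via $params, not in the SQL string');
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    /** Table names cannot be placeholders, so they go through an allow-list. */
    public function table(string $name): string
    {
        if (!in_array($name, self::TABLES, true)) {
            throw new InvalidArgumentException("Unknown table: $name");
        }
        return "`$name`";
    }
}

// The poster's INSERT, rewritten: the header is bound, the table allow-listed.
$db = new Database('mysql:host=localhost;dbname=example', 'user', 'secret'); // placeholders
$a_header = "O'Reilly's 'quoted' header";   // constructed input; quotes are harmless here
$db->query('INSERT INTO ' . $db->table('articles') . ' SET a_header = ?', [$a_header]);
```

The `mysql_*` functions used in the post were removed in PHP 7, so PDO (or mysqli with prepared statements) is also the only path forward on current PHP.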