undefined | Better HN

0 points_lce011y ago0 comments

No matter how hard you try. If queries are dynamically created, you (or your lib's user) will most certainly miss a spot were an attacker cloud sneak an offensive query.

You fixed the $i, but what about $table? What about $conditions's keys?

See the problem? And we are just talking about a single method ;-)

0 comments

sarciszewski11y ago

Valid points, but regrettably they were ones I had already addressed in subsequent changes.

I linked to a single commit.

I probably should have linked to the master branch instead. (Also, I just pushed another update as I wrote this.)

https://github.com/resonantcore/lib/blob/master/src/DB.php

j / k navigate · click thread line to collapse