| Subject: | This class has some moderate... |
| Summary: | Package rating comment |
| Messages: | 1 |
| Author: | Artur Graniszewski |
| Date: | 2010-08-25 09:56:31 |
Artur Graniszewski rated this package as follows:
| Utility: | Bad |
| Consistency: | Good |
| Examples: | Sufficient |
 Artur Graniszewski - 2010-08-25 09:56:31
This class has some moderate security and fatal errors.
FATAL ERRORS:
For example, in mysql.php:

    // Static functions
    static function AddSlashes($string) {
        return addslahes($string);
    }
    static function StripSlashes($string) {
        return stripslahes($string);
    }

1) There is a typo: it should be stripslashes(), not stripslahes(), and addslashes(), not addslahes(). Looks like you haven't tested this before, because this kind of mistake raises an E_FATAL error.
2) If you read the PHP documentation, addslashes works in MySQL by lucky coincidence and really shouldn't be used in this context. You should use mysql_real_escape_string($sql, $connectionHandler), because it's more secure and helps to prevent various SQL injections.
The same applies to SQLite class.
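
The point about the SQLite class, shown as an added example (not code from the rated package or from the comment above): addslashes() escapes with a backslash, which SQLite does not recognise, so even an ordinary value containing a quote breaks out of its string literal. The example swaps in PDO's driver-aware quote() and bound parameters, because the mysql_* functions were removed in PHP 7; it assumes the pdo_sqlite extension, and the table and column names are made up.

```php
<?php
// Added example, not part of the rated package.
// Assumes PHP with pdo_sqlite; "users" and "name" are hypothetical names.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');

$name = "O'Brien"; // constructed sample input: an ordinary name with a quote

// 1) addslashes() yields O\'Brien. SQLite escapes a quote by doubling it and
//    treats the backslash as a plain character, so the literal ends at the
//    quote and the rest of the value is parsed as SQL text.
$escaped = addslashes($name);
try {
    $db->exec("INSERT INTO users (name) VALUES ('$escaped')");
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: query broken: ", $e->getMessage(), "\n";
}

// 2) The driver's own quoting follows the target dialect: 'O''Brien'
$quoted = $db->quote($name);
$db->exec("INSERT INTO users (name) VALUES ($quoted)");

// 3) Bound parameter: the value is never spliced into the SQL text at all.
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Both driver-aware inserts stored the value unchanged.
foreach ($db->query('SELECT name FROM users') as $row) {
    echo "stored: ", $row['name'], "\n";
}
```

Escaping is only correct when it comes from the driver for the database and connection in use; bound parameters avoid the question entirely.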