开发者

PHP Adodb Active Record SQL Injection

I can't seem to ascertain whether or not the PHP Adodb Active Record, DB ORM secures against SQL Inject开发者_运维百科ion.

http://phplens.com/lens/adodb/docs-active-record.htm

Specifically I am using the updating and inserting methods, e.g.:

$person = new person();
$person->name_first = $_POST['firstname'];
$person->name_last  = $_POST['surname'];
$person->save();

Do the $_POST variables need to be escaped?


I just looked through the code-- it does escape out the variables you pass. You can confirm this by turning on debug mode... or even easier, try writing out a string with single and double quotes and see if it makes it into the table okay :-)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜