Fix SQL Issues in these files #1 #2095
SQL Parameters need to be bound for security reasons in multiple places in this file.
Sample Problematic and Fixed Example:
This is a simple issue for first timers / those new to open source or PHP. Please feel free to contact myself or @bradymiller for more instructions.
hi @bradymiller ,
Good question, Arjuna. Check out this pull request I made where Brady goes in depth on what to do. Short answer is you’re right: tables don’t work like the other stuff, have to use special function…
On Jan 3, 2019, at 7:33 PM, Arjuna Kristophe Sankar ***@***.***> wrote:

> hi @bradymiller ,
>
> I just got a chance to check it out. I have a question though. Is it safe to assume that the table name will not be bound via the array? Or will I need to bind the table name as well? Am I on the right track with:
>
> $trow = sqlQuery("SELECT value FROM form_$spreadsheet_form_name WHERE " . "id = ? AND rownbr = -1 AND colnbr = -1", array($tempid));
>
> or
>
> $trow = sqlQuery("SELECT value FROM form_? WHERE id = ? AND rownbr = -1 AND colnbr = -1", array($spreadsheet_form_name, $tempid));
>
> Thanks.
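Added example, not part of the original thread and not OpenEMR's code, illustrating the table-name question above: placeholders bind values only, so the table name has to be checked against the schema before it is put into the SQL text. PDO with in-memory SQLite stands in for the project's `sqlQuery()` wrapper; `safeFormTable()`, `fetchTemplateValue()` and the `form_vitals` data are hypothetical and constructed for the example.

```php
<?php
// Constructed sample schema and row (stand-in for a real form_* table).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE form_vitals (id INTEGER, rownbr INTEGER, colnbr INTEGER, value TEXT)');
$pdo->exec("INSERT INTO form_vitals VALUES (7, -1, -1, 'template-7')");

// Hypothetical helper: accept the name only if a table with exactly that name exists.
function safeFormTable(PDO $pdo, string $formName): string
{
    // Here the candidate name is compared as a *value*, so binding it is fine.
    $stmt = $pdo->prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?");
    $stmt->execute(['form_' . $formName]);
    $found = $stmt->fetchColumn();
    if ($found === false) {
        throw new InvalidArgumentException('Unknown form table');
    }
    // Return the name as stored in the schema, quoted as an identifier.
    return '"' . str_replace('"', '""', $found) . '"';
}

function fetchTemplateValue(PDO $pdo, string $formName, int $id)
{
    $table = safeFormTable($pdo, $formName);   // identifier: validated, then interpolated
    $stmt = $pdo->prepare("SELECT value FROM $table WHERE id = ? AND rownbr = -1 AND colnbr = -1");
    $stmt->execute([$id]);                     // value: bound
    return $stmt->fetchColumn();
}

// A placeholder in the identifier position does not parse as SQL.
try {
    $pdo->prepare('SELECT value FROM form_? WHERE id = ? AND rownbr = -1 AND colnbr = -1');
    echo "prepared\n";
} catch (PDOException $e) {
    echo "form_? rejected at prepare time: placeholders bind values, not identifiers\n";
}

// Known form name: the query runs with the id bound.
echo fetchTemplateValue($pdo, 'vitals', 7), "\n";

// Constructed hostile form name: stopped before any SQL text is built from it.
try {
    fetchTemplateValue($pdo, 'vitals WHERE 1=1 --', 7);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```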
hi @kristophesankar ,
This function can be found here: