AVsitter/php
Sei Lisa a8ec1d4747 Change the string escaping strategy
All variable values in SQL statements should use IntSQL or StrSQL as appropriate, rather than variables directly, with the exception of the table name.

This is akin to using htmlspecialchars to include text in HTML, or urlencode to include text in a URL. Normally you have the text in raw form and convert it as appropriate depending on where you're inserting it.
2017-09-15 18:22:18 +02:00
settings-config.inc.php Move configuration to a separate file. 2017-09-15 18:22:18 +02:00
settings.php Change the string escaping strategy 2017-09-15 18:22:18 +02:00