Author Topic: Simple db_query question  (Read 214 times)

Offline MaisterK

  • Newbie
  • *
  • Posts: 4
Simple db_query question
« on: February 20, 2018, 12:14:12 AM »
I have simple security question:
strings used in $smcFunc['db_query'] need to be escaped?
or the function do this?

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,656
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Simple db_query question
« Reply #1 on: February 20, 2018, 01:10:41 AM »
They should be if you are passing the data raw in.
If you are using the parameters type mapping then you are in better shape.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more! -  Paid Modifications for SMF

EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro