Advertisement:

Author Topic: Simple db_query question  (Read 306 times)

Offline MaisterK

  • Newbie
  • *
  • Posts: 5
Simple db_query question
« on: February 20, 2018, 12:14:12 AM »
Hi
I have simple security question:
strings used in $smcFunc['db_query'] need to be escaped?
or the function do this?


Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,459
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Simple db_query question
« Reply #1 on: February 20, 2018, 01:10:41 AM »
They should be if you are passing the data raw in.
If you are using the parameters type mapping then you are in better shape.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro