Mysql query question about using active record

#9
Derek Allard
Should be ok, the string is still getting run through "where()" so all the active record escaping remains.

Quote: BTW, with “escaping” does it mean my code is completely safe? And no need to worry about things like sql injection at all?

Well, of course there is no such thing as "perfect" security, so I won't go so far as to say that there is no need to worry about SQL injection, but to answer your question, the intention of the escaping that happens is to remove the burden of needing to code in their own protection from a developer. So yeah, you should be good. Stay vigilant, always think about security, but you should be good.


