29th May 2013, 08:20
Ben

Good work, seems to be an interesting plugin.

But...

Quote:
Originally Posted by remy74
Dear All,

Is there a way of doing that?
Like that:

Code:
$liste["name"]  = "Exchange_details";
// Database table
$liste["table"] = "AD_MY_TABLE";
$liste["where"] = "columns='" . $_REQUEST['id'] . "'";

Even though this was just sample code, would you mind validating and escaping all external input, e.g. here validating $_REQUEST['id'] as being just numbers or characters, whatever the right syntax will be, and if the valid charset could lead to SQL injection or similar, you should escape it additionally.
Btw, this should happen for all data that you cannot control, in this case also for data you gather from and to the exchange side.
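
The validation plus escaping asked for in the post above, as an added example that is not part of the thread or of the plugin's code. The helper names `validate_id` and `build_where`, the alphanumeric allow-list and the in-memory SQLite handle (used only to have a working `PDO::quote()`) are assumptions for illustration.

```php
<?php
// Added example, not code from the thread or the plugin.
// Assumption: a valid id is 1-32 ASCII letters or digits.

function validate_id($raw): string
{
    // ?id[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($raw)) {
        throw new InvalidArgumentException('id must be a string');
    }
    // \A and \z anchor the whole value; "$" would accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9]{1,32}\z/', $raw) !== 1) {
        throw new InvalidArgumentException('id has invalid characters or length');
    }
    return $raw;
}

function build_where(PDO $db, $raw): string
{
    $id = validate_id($raw);
    // Escape as well, so the clause stays safe if the allow-list is widened later.
    // PDO::quote() returns the value already wrapped in quotes.
    return 'columns=' . $db->quote($id);
}

// In-memory SQLite only supplies a quoting routine for this demo (assumption:
// the real plugin would use the escape function of its own database layer).
$db = new PDO('sqlite::memory:');

// Constructed sample inputs standing in for $_REQUEST['id'].
$samples = ['42', 'abc123', "1' OR '1'='1", "42\n", ['x'], ''];

foreach ($samples as $raw) {
    try {
        $liste = [];
        $liste['where'] = build_where($db, $raw);
        echo 'accepted: ', $liste['where'], PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($raw), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The same two steps apply to values read from the exchange side before they are placed into a query.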