Friday 03 November 2006 1:18:12 am
Hi there
My users can update some data on some objects using a webform. Due to technical reasons I cannot use the regular content/edit functionality so I have written an extension that takes the posted data, checks which attributes are posted for which object and then uses something like this:
$contentObjectAttribute->setAttribute('data_int', $postedAttributeContent);

for each attribute. This is working fine, but I am wondering how much I should worry about quotation marks or SQL injection in the posted data. So are there any cleanup functions in the eZ SQL interface that I can use, or does eZ automatically check for and remove any possible problems?

Thanks for any tips or hints
Claudia
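An added example, not part of the original post and not eZ Publish code: one way to allow-list and type-check posted values before they reach a call like setAttribute('data_int', ...), independent of any escaping the storage layer performs. The StubAttribute class, the field names and the allow-list are assumptions made for illustration.

```php
<?php
// Added example, not eZ Publish code. StubAttribute is a hypothetical
// stand-in for the content object attribute so the sketch runs on its own.
class StubAttribute
{
    public $fields = array();
    public function setAttribute($name, $value) { $this->fields[$name] = $value; }
}

// Assumed allow-list: posted field name => column it may write and its type.
$allowed = array(
    'age'   => array('column' => 'data_int',  'type' => 'int'),
    'title' => array('column' => 'data_text', 'type' => 'text'),
);

// Returns the typed value, or null when the input must be rejected.
function validatePosted($type, $raw)
{
    if (!is_string($raw)) {
        return null;                       // e.g. age[]=1 arrives as an array
    }
    if ($type === 'int') {
        // Digits only, bounded length; \z also refuses a trailing newline.
        return preg_match('/^-?[0-9]{1,9}\z/', $raw) ? (int) $raw : null;
    }
    // Text: bound the length and refuse control characters. Quotes are
    // legitimate data and are left for the database layer to escape or bind.
    if (strlen($raw) > 255 || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $raw)) {
        return null;
    }
    return $raw;
}

// Constructed sample of posted data.
$posted = array('age' => '42; DROP', 'title' => "O'Brien", 'owner' => '7');

foreach ($posted as $field => $raw) {
    if (!isset($allowed[$field])) {
        echo "skip   $field (not on the allow-list)\n";
        continue;
    }
    $value = validatePosted($allowed[$field]['type'], $raw);
    if ($value === null) {
        echo "reject $field\n";
        continue;
    }
    $attribute = new StubAttribute();
    $attribute->setAttribute($allowed[$field]['column'], $value);
    echo "store  $field => " . var_export($value, true) . "\n";
}
```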