[geeklog-devel] Filtering in GL2
dirk at haun-online.de
Wed Dec 15 16:21:09 EST 2004
>Quote handling in GL2 should be transparent to the developer. Recall
>that all custom SQL goes into a named query file and that the SQL that
>goes in there should use prepared SQL as opposed to the kind of SQL
>found in 1.3.x.
What about SQL injection attempts then?
There's several sorts of filtering that have to be done, and ideally (I
think), they should be handled by different "entities" (for lack of a
better word), as opposed to the all-in-one approach that 1.3's
I.e. an SQL request should be parsed for injections / malformed SQL by
the entity that handles SQL (would that be Propel then or Creole?).
handles the post (or whatever data is being processed), as it may be
acceptable for one module, but unacceptable for another.
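As an added illustration of the two layers described in this message (constructed example, not code from Geeklog or the GL2 design), here is a Python/sqlite3 sketch: the named query file plus the driver's parameter binding makes quoting transparent, while a separate per-module filter applies content policy. The NAMED_QUERIES table, module_filter rules and the comments schema are assumptions.

```python
import sqlite3

# Constructed stand-in for a GL2-style "named query file": each entry is a
# prepared statement with placeholders; no value is ever spliced into the text.
NAMED_QUERIES = {
    "comment.insert": "INSERT INTO comments (author, body) VALUES (:author, :body)",
    "comment.by_author": "SELECT body FROM comments WHERE author = :author",
}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    return conn


def run_named(conn, name, params):
    """SQL layer: bind parameters to the named query. Quoting is handled by the
    driver, so callers pass raw strings and never escape anything themselves."""
    return conn.execute(NAMED_QUERIES[name], params)


def module_filter(body, max_len=200):
    """Content policy that belongs to the module, not the SQL layer (hypothetical
    rules): reject control characters and cap the length."""
    if any(ord(c) < 0x20 and c not in "\n\t" for c in body):
        raise ValueError("control characters not allowed in comment body")
    return body[:max_len]


def lookup_prepared(conn, author):
    return [r[0] for r in run_named(conn, "comment.by_author", {"author": author})]


def lookup_spliced(conn, author):
    """The 1.3.x-style approach for contrast: the value is pasted into the SQL,
    so a quote character in the input alters the statement itself."""
    return [r[0] for r in conn.execute(
        "SELECT body FROM comments WHERE author = '" + author + "'")]


def demo():
    conn = open_db()
    author = "O'Reilly"  # constructed input containing a quote character
    run_named(conn, "comment.insert", {"author": author, "body": module_filter("hello")})
    result = {"prepared": lookup_prepared(conn, author)}
    try:
        result["spliced"] = lookup_spliced(conn, author)
    except sqlite3.Error as exc:
        result["spliced"] = "error: " + str(exc)  # malformed SQL, rejected by the SQL layer
    return result
```

The prepared lookup returns the stored row unchanged, while the spliced version fails to parse because the quote in the input became part of the statement.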