Firstly, symfony does that for you ;). Secondly it was just a quick
example to get him on the right road. I didn't have time to sit and
show a fully worked, real world example.

Just to reiterate, symfony already checks what parameters are passed
through GET and POST for you for SQL injection and cleans them. Try it
yourself if you don't believe me. It's one of the great benefits of
using a framework.

On Fri, Mar 5, 2010 at 8:12 PM, Augusto Flavio <afla...@gmail.com> wrote:
> Hi Gareth,
>
>
> the method that you show us has a security problem: SQL injection. You need to
> check what kind of parameter the user is sending.
>
>
>
> if (!in_array($parameter, array('asc', 'desc'))) {
>    //do something
> } else  {
>    //execute the query
> }
>
>
> bye
>
>
>
> Augusto Morais
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>



-- 
Gareth McCumskey
http://garethmccumskey.blogspot.com
twitter: @garethmcc
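Sort columns and directions are SQL identifiers and keywords, not values, so they cannot be bound through prepared-statement placeholders; the whitelist check Augusto sketches above is the standard way to handle them, with the actual filter values still bound as parameters. The following is an added example written for this thread, not code from the thread or from symfony itself; the `posts` table, its columns and the in-memory SQLite database are constructed for the demonstration.

```php
<?php
// Added example (not from the thread or from symfony): whitelist the sort
// column and direction before they are interpolated into ORDER BY, and bind
// the real filter value through a PDO placeholder. Schema is assumed.

declare(strict_types=1);

final class SortWhitelist
{
    /** Columns a client may sort by (assumed schema). */
    private const COLUMNS = ['created_at', 'title', 'id'];
    /** Sort directions accepted, compared case-insensitively. */
    private const DIRECTIONS = ['asc', 'desc'];

    /**
     * Returns [column, direction] taken only from the whitelists, or throws
     * when either request value is not on its list.
     */
    public static function normalize(?string $column, ?string $direction): array
    {
        $column = $column ?? 'created_at';
        $direction = strtolower($direction ?? 'asc');
        // Strict comparison: no type juggling of odd input such as "0".
        if (!in_array($column, self::COLUMNS, true)) {
            throw new InvalidArgumentException('Unknown sort column');
        }
        if (!in_array($direction, self::DIRECTIONS, true)) {
            throw new InvalidArgumentException('Unknown sort direction');
        }
        return [$column, $direction];
    }
}

function findPosts(PDO $pdo, int $authorId, ?string $column, ?string $direction): array
{
    // Identifiers come only from the whitelist; the WHERE value is bound.
    [$column, $direction] = SortWhitelist::normalize($column, $direction);
    $sql = "SELECT id, title, created_at FROM posts WHERE author_id = :author "
         . "ORDER BY $column $direction";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':author', $authorId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration against an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT, created_at TEXT)');
$pdo->exec("INSERT INTO posts VALUES (1, 7, 'first', '2010-03-01'), "
         . "(2, 7, 'second', '2010-03-04'), (3, 8, 'other', '2010-03-02')");

// Simulated request parameters (in an action these would come from the request object).
foreach (findPosts($pdo, 7, 'created_at', 'DESC') as $row) {
    echo $row['id'], ' ', $row['title'], PHP_EOL;   // 2 second, then 1 first
}

// A column that is not on the whitelist never reaches the query, even if it
// is a perfectly valid identifier in the database.
try {
    findPosts($pdo, 7, 'password_hash', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The point of keeping the whitelist in one place is that every query which orders by user input goes through the same check; the `strict` flag on `in_array` matters because a loose comparison can match values you did not intend.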
