Jump to content

Security issues


Recommended Posts


Now that I have almost finished converting *a lot* of code from IPS3 to IPS4, I start to worry about security issues:

Here it states that: "This means that all request data should be considered potentially tainted and you will need to take precautions not to introduce security issues by relying upon "clean" request data from this class.". But what exactly is the best way to do this "cleaning", before, e.g. inserting a user text in the database? 

Back in IPS3, I just used: "$this->DB->addSlashes" and I felt quite secure. Is there something similar I can do in IPS4, because I have a lot of code, and converting all my forms to use the new IPS4 Form Helper may not be so easy....


Link to comment
Share on other sites

Your best bet is to use prepared statements where possible. For inserts and updates this is handled automatically, except in the where clause where you would do

array( 'column=?', $value )

We do not "clean" the data on insert, we clean it on output. In templates this is largely handled automatically, and when you need to display a raw value that may legitimately contain HTML you use the |raw modifier.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...