MyBB Community Forums

Full Version: how to use db->escape_string() in plugin ?
Hello,
How can I use:
db->escape_string()

in my settings input to prevent SQL injections?
function random_hook() {
   global $db; 
   echo $db->escape_string("What's this?");
}

Could you provide your code so we can spoon-feed?
It gives an error when I put the code in.
We need more details. What is the error that you see?
Normally, when I finished my plugin and tested it, it was good.
When I wanted to submit it to MyBB Mods, they checked it and said:

Quote:After reviewing your submissions I noticed that your settings input isn't properly escaped. You should apply db->escape_string() function on your settings input to prevent SQL Injections.

but I don't know how to use escape_string() in my plugin

When I put it in function (myplugin) {
it gives the error:

Quote:Missing argument 1 for DB_MySQLi::escape_string()

Can you help me with how to use escape_string(), in more detail?
Take the following for example:

$plugins->add_hook('foo', 'bar');
function bar()
{
    global $mybb, $db;

    $bar = $mybb->input['foobar'];
    $bar = $db->escape_string($bar); // Escape the string to be inserted in the database

    $db->insert_query('foobar', "foo = '{$bar}'");
}
Note that insert_query expects an array for the second argument.
(2014-04-06, 10:53 PM) Omar G. wrote: Note that insert_query expects an array for the second argument.

So it does. Looks like I got confused with simple_select().
$var = "'MyBB?'";

$var = $db->escape_string($var); // To escape the quotes; the escaped copy is returned, so assign it

-> That's how it's used, as far as I remember <-
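
Putting the thread's points together, as an added example that is not part of the original posts: each value goes through escape_string() and the row is passed to insert_query() as an array. DemoDb, myplugin_bar, the foobar table, its columns and the myplugin_label setting are assumptions made so the snippet runs without MyBB.

```php
<?php
// DemoDb is a stand-in written for this example so it runs without MyBB.
// It only mimics the two $db methods used below; inside a plugin you would
// use the real objects via "global $mybb, $db;".
class DemoDb
{
    public $queries = array();

    // Stand-in escaping; MyBB's MySQLi driver escapes through its connection.
    public function escape_string($string)
    {
        return addslashes($string);
    }

    // Like MyBB's insert_query(): takes column => value pairs and quotes the
    // values, but does not escape them. Escaping is the caller's job.
    public function insert_query($table, $array)
    {
        $fields = '`' . implode('`,`', array_keys($array)) . '`';
        $values = implode("','", $array);
        $this->queries[] = "INSERT INTO {$table} ({$fields}) VALUES ('{$values}')";
    }
}

// Hook body. 'foobar' (table), 'foo'/'label' (columns) and 'myplugin_label'
// (setting name) are hypothetical.
function myplugin_bar($db, array $input, array $settings)
{
    $row = array(
        // escape_string() needs the value as its argument and returns the
        // escaped copy; calling it with no argument raises "Missing argument 1".
        'foo'   => $db->escape_string($input['foobar']),
        // Plugin settings are free text entered in the Admin CP: escape them too.
        'label' => $db->escape_string($settings['myplugin_label']),
    );
    $db->insert_query('foobar', $row); // second argument is an array
}

// Constructed sample data standing in for $mybb->input and $mybb->settings.
$db = new DemoDb();
myplugin_bar($db, array('foobar' => "What's this?"), array('myplugin_label' => "Today's picks"));
echo $db->queries[0], "\n";
```

In a real plugin the function would take no parameters, read `$mybb->input` and `$mybb->settings` through `global $mybb, $db;`, and be registered with `$plugins->add_hook()` as in the post above.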