2019-08-23, 05:57 PM
With the aim of reducing the risk of database breaches caused by plugins and occasionally a bug in MyBB Core, let's stop these attacks once and for all in MyBB 1.10 by rewriting MyBB Core's database logic using PHP prepared statements and requiring that all plugins use them to remain in the extend database.
MyBB's database classes would still be on top but something like:
$query = "SELECT forumName, postCount, threadCount, lastPosterName FROM mybb_forums WHERE categoryID = :categoryID";
$statement = $db->prepare($query);
$statement->bindValue('categoryID', $_GET['cat_id']);
$statement->execute();
// use results to show the forums listing for a specific category
...
Thoughts?
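The difference the proposal relies on, as an added example that is not part of the original post and not MyBB code: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database through PDO. The table and column names follow the post; the helper names `forumsConcatenated` and `forumsPrepared`, the sample rows, the sample input, and the availability of the `pdo_sqlite` extension are assumptions.

```php
<?php
// Constructed schema and rows for illustration only (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mybb_forums (forumName TEXT, postCount INTEGER, categoryID INTEGER)');
$db->exec("INSERT INTO mybb_forums VALUES ('General', 10, 1), ('Support', 20, 1), ('Staff Only', 5, 2)");

// Hypothetical helper: the concatenation pattern the proposal wants to retire.
// The request value becomes part of the SQL text, so it is parsed as SQL.
function forumsConcatenated(PDO $db, string $catId): array
{
    $sql = 'SELECT forumName FROM mybb_forums WHERE categoryID = ' . $catId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: the query shape from the post, with a bound parameter.
// The SQL text is fixed at prepare() time; the value is only ever compared as data.
function forumsPrepared(PDO $db, string $catId): array
{
    $statement = $db->prepare(
        'SELECT forumName FROM mybb_forums WHERE categoryID = :categoryID'
    );
    $statement->bindValue(':categoryID', $catId, PDO::PARAM_STR);
    $statement->execute();
    return $statement->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET['cat_id'].
$inputs = ['1', '1 OR 1=1'];

foreach ($inputs as $input) {
    printf(
        "input %-10s concatenated: [%s]  prepared: [%s]\n",
        var_export($input, true),
        implode(', ', forumsConcatenated($db, $input)),
        implode(', ', forumsPrepared($db, $input))
    );
}
```

Running it prints both result sets side by side for each input, so a plugin reviewer can see where the two query styles diverge once the value is not a plain integer.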