MyBB Community Forums

Full Version: Do I need to escape my strings or what?
Hello,

I'm having a big doubt whether I need to escape strings or not. I know it sounds stupid, but I first thought "of course it has to be escaped" then looking at other plugins I noticed they weren't being escaped so I thought the DB class was doing it by itself when you insert something.

And well, just checked the MySQLi class and it doesn't seem to escape the strings before inserting, selecting or whatever the action is.

So, do I systematically need to escape the strings in the MyBB environment?

Thanks.
Yes, it's better to escape the strings.
ALWAYS escape strings that are to be inserted by the user. No matter what. Not doing so pretty much leaves an invitation for problems.
Do it even if you're not sure. Better to be safe than sorry.
Ok, thank you guys :)
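
Added example, not part of the original thread and not MyBB's own code: it shows what the question describes, a query builder that does not escape for the caller, next to the escaped form the answers recommend. `DemoDb` is a hypothetical stand-in that mimics `$db->insert_query()` and `$db->escape_string()` so the script runs with plain `php`; the table name and input values are constructed, and `addslashes()` is an assumption standing in for the driver's real escaping.

```php
<?php
// Stand-in for the two MyBB $db methods discussed in the thread, so this runs
// with plain `php` outside a forum. It is not MyBB's code.
class DemoDb
{
    public $table_prefix = 'mybb_';

    // Like the behaviour described in the thread: values are wrapped in
    // quotes and concatenated, with no escaping done for the caller.
    public function insert_query($table, array $row)
    {
        $fields = '`' . implode('`,`', array_keys($row)) . '`';
        $values = "'" . implode("','", $row) . "'";
        return "INSERT INTO {$this->table_prefix}{$table} ({$fields}) VALUES ({$values})";
    }

    // Assumption: addslashes() stands in for the driver's real escaping
    // (the MySQLi driver needs a live connection to escape).
    public function escape_string($string)
    {
        return addslashes($string);
    }
}

$db = new DemoDb();

// Constructed sample input: an ordinary value containing an apostrophe,
// and a field that is supposed to be numeric.
$input = array('title' => "Bob's notes", 'uid' => '42abc');

// Unescaped: the apostrophe ends the string literal early, so the statement
// no longer means what the plugin author intended.
$unsafe = $db->insert_query('demo_notes', $input);

// Escaped: strings go through escape_string(), numbers are cast to int.
$safe = $db->insert_query('demo_notes', array(
    'title' => $db->escape_string($input['title']),
    'uid'   => (int) $input['uid'],
));

echo $unsafe, "\n", $safe, "\n";
```

In a real plugin the same two habits apply to every value that goes into `insert_query()`, `update_query()` or a `WHERE` string: `$db->escape_string()` for strings and an integer cast for IDs.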