2011-05-25, 07:12 PM
Hello,
I'm having a big doubt whether I need to escape strings or not. I know it sounds stupid, but I first thought "of course it has to be escaped"; then, looking at other plugins, I noticed they weren't being escaped, so I thought the DB class was doing it by itself when you insert something.
And well, just checked the MySQLi class and it doesn't seem to escape the strings before inserting, selecting or whatever the action is.
So, do I systematically need to escape the strings in the MyBB environment?
Thanks.
My latest plugins:
My Sticky
Maximum size for images in sig. | Ban reason in profile | Report Post Suite