What does "makeSafe($data" do?

Discussions related to customizing hooks. Hooks are documented at http://bigprof.com/appgini/help/advanced-topics/hooks/
bruceholt
Veteran Member
Posts: 100
Joined: 2016-07-30 20:16
Location: Australia


Post by bruceholt » 2018-10-29 05:02

Hoping someone can help me understand what "makeSafe($data" is for in some of the hooks files.

Example:

Code:

$email = sqlValue("select email from customer where id='" . makeSafe($data['customer_name']) . "'");

jsetzer
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany

Re: What does "makeSafe($data" do?

Post by jsetzer » 2018-10-29 05:27

makeSafe() replaces strings or parts of strings which may be dangerous if executed on a database. It returns "safe" strings which can be used in SQL statements. makeSafe() or other escaping strategies protect you from so-called "SQL Injection".

See here: https://searchsoftwarequality.techtarge ... -injection

SQL injection
Posted by: Margaret Rouse
WhatIs.com
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. [...] an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.

Hope this helps!
Regards,
Jan
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools
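To make the answer above concrete, here is an added example (not code from the original thread or from AppGini itself) that reproduces the query pattern from the first post in Python against an in-memory SQLite table and runs an injection payload through four variants: the concatenation with no escaping, the same concatenation with a stand-in for makeSafe(), the stand-in applied to a value that is not inside quotes, and a parameterised query. The table, its rows and the `make_safe` function are constructed for the example; `make_safe` only doubles single quotes, which is SQLite's quoting rule, whereas AppGini targets MySQL and its makeSafe() is assumed here to do the equivalent backslash escaping via the MySQL driver. The third variant is the caveat a practitioner should take away: escaping protects a value only while it sits inside a quoted string literal, so a bare numeric comparison such as `where id=` . makeSafe($id) is still injectable and needs an integer cast or a bound parameter instead.

```python
import sqlite3

# Constructed sample data standing in for the AppGini "customer" table
# referenced in the original post.
CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
]


def fresh_db():
    """Build an in-memory database holding the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table customer (id integer, name text, email text)")
    con.executemany("insert into customer values (?, ?, ?)", CUSTOMERS)
    return con


def make_safe(value):
    """Stand-in for makeSafe() (assumption, not AppGini's source): escape the
    quote character so the value cannot terminate the string literal it is
    spliced into. SQLite doubles single quotes; MySQL uses backslash escaping
    (mysqli_real_escape_string), which is what AppGini's helper is assumed to
    wrap. The job is the same: keep the value inside its quotes."""
    return str(value).replace("'", "''")


def lookup_email_unsafe(con, customer_name):
    """The pattern from the post with makeSafe() left out."""
    sql = "select email from customer where name='" + customer_name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_email_escaped(con, customer_name):
    """The pattern from the post: the escaped value sits inside a quoted literal."""
    sql = "select email from customer where name='" + make_safe(customer_name) + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_email_by_id_escaped(con, customer_id):
    """Escaping alone does nothing when the value is not inside quotes:
    there is no quote character in the payload for make_safe() to touch."""
    sql = "select email from customer where id=" + make_safe(customer_id)
    return [row[0] for row in con.execute(sql)]


def lookup_email_param(con, customer_name):
    """Parameterised query: the value never becomes part of the SQL text,
    so no escaping is needed and quoting context does not matter."""
    rows = con.execute("select email from customer where name=?", (customer_name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    con = fresh_db()
    payload = "x' or '1'='1"
    print(lookup_email_unsafe(con, payload))            # every email leaks
    print(lookup_email_escaped(con, payload))           # [] (payload is just a name)
    print(lookup_email_by_id_escaped(con, "1 or 1=1"))  # every email leaks again
    print(lookup_email_param(con, payload))             # []
```

Run it as a script to see the four results side by side. The first and third calls return both rows because the attacker's `or` clause becomes part of the WHERE condition; the second returns nothing because, after escaping, the whole payload is compared as an ordinary name; the fourth is the form to prefer in new code when the database layer supports bound parameters.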

bruceholt
Veteran Member
Posts: 100
Joined: 2016-07-30 20:16
Location: Australia

Re: What does "makeSafe($data" do?

Post by bruceholt » 2018-10-29 19:51

Thanks for that, Jan.
