Welcome to the Question2Answer Q&A. There's also a
demo
if you just want to try it out.
Login
Login
Register
All Activity
Questions
Hot!
Unanswered
Tags
Users
Ask a Question
About
Wiki
Welcome to the Q&A for
Question2Answer
.
If you have questions about the platform,
click here to ask
and please use English.
If you just want to try Q2A, please use the
demo
, which also grants admin access.
Apr 29:
Q2A 1.5.2
Related questions
Can I use Q2A with MS-sql DB? i have a dot.net web site.
Error in CONFIGURING Question&Answer database to my MY-SQL database
Integration with vBulletin 3.8.x ?
Database structure differences between current and upcoming version?
Badges create table
Database Binary passcheck hashing, maybe a security problem.
Normal user can update database after upgrade
Performance of MYSQL (qa_options table query)
Question2Answer MySQL query error 1146: Table 'uanvgsus_ask.qa_posts' doesn't exist
Why am I getting the message "Database select error" on a fresh install
All categories
Q2A Core
(3,252)
Plugins
(356)
SQL Injection Protection
+5
votes
Is the code in Q2a secure from SQL injections?
sql
mysql
security
database
hacked
asked
Nov 14, 2010
in
Q2A Core
by
Frank Basti
Please
log in
or
register
to add a comment.
Please
log in
or
register
to answer this question.
1 Answer
0
votes
Best answer
Yes, throughout. All parameters to SQL queries are substituted for # or $ in the queries you see in the code, and this substitution takes care of escaping.
answered
Nov 14, 2010
by
gidgreen
Could You point me / us to an article or good source about that ? Seems to be good to know about when working with foreign scripts.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
Please
log in
or
register
to add a comment.
