XF 2.2 How to properly escape data before entry into the database.

mjda

mjda

Well-known member
I have an addon where members submit files with data in them. Since I then parse the files by line I can't use $this->filter...so I'm wondering what the proper way would be to make sure this data is safe to insert into the database?

I should note that I am still using the entity creator to insert the data. I'm just not sure how to filter each of those lines before I get to that point.

I've read that mysqli_real_escape_string could be used, but I'm wondering if there is a XF function already for this?
 
If you're using the entity system to save your data into the db, then it should use prepared statements which should be able to handle this for you already unless I'm mistaken.
 
Lukas W. said:
If you're using the entity system to save your data into the db, then it should use prepared statements which should be able to handle this for you already unless I'm mistaken.
Click to expand...

That would be great! I was actually hoping that would be the case. Thanks for the reply.
 
You must log in or register to reply here.

Similar threads

D
XF 2.3 How to save additional data to a Post
Replies
2
Views
67
delzhand
D
Gobb
XF 2.2 How to update an existing row in a table in the database?
Replies
2
Views
627
Gobb
Gobb
bzcomputers
  • Question Question
XF 2.1 Can I just re-import to get the latest data before taking a test environment live?
Replies
1
Views
474
Paul B
P
L
XF 2.0 how to insert data in database on submit....?
Replies
5
Views
2K
SamJakob
SamJakob
C
How to insert POST data into MySQL via Form through Xenforo with SQL Injection Prevention
Replies
4
Views
2K
calnet
C
Back
Top Bottom