field "Search Query" - SQL-Injection possible?

2 Posts
ostap007
4 years ago
0
Topic

Hello!

I use a field "Search Query".

In SQL query I use constructs like: "$uri - >getValue ('url_variable')", i.e. I take values of attributes of their URL

Question:

Is there a danger of "SQL-Injection" in this case, maybe it has already been solved at the level of field logic? Is it necessary to provide something in the SQL query itself?

Get a Book for SEBLOD