[PHP] MeekroDB Question [/PHP]

[Trinix]

Hi

I'm using MeekroDB for my database class, and it doesn't seem to have a filter function. I have a $_GET['p'] for my template system to GET the page from a file but how could I filter it so I can't get SQL injected?

 

[IntactDev]

I'm not too sure why you're using MeekroDB, although I've heard good reviews on it... I suggest just using MySQLi... But anyways, MeekroDB does that automatically for you.

 

[Weasel]

If it is a integer only, you can use intval ().

 

[Trinix]

I'm not too sure why you're using MeekroDB, although I've heard good reviews on it... I suggest just using MySQLi... But anyways, MeekroDB does that automatically for you.

MeekroDB is a class for MySQLi. Are you sure it filters it automatically? I'm not sure if it does :/

If it is a integer only, you can use intval ().

It's a string and can contain an integer

 

[IntactDev]

You must be registered for see links

I'm 100% sure, atleast according to what the documentation says...

What is MeekroDB?

MeekroDB is a PHP MySQL library that lets you get more done with fewer lines of code, and makes SQL injection 100% impossible. Keep reading and find out how!

You must be registered for see links

 

[Trinix]

You must be registered for see links

I'm 100% sure, atleast according to what the documentation says...

You must be registered for see links

I think that means in querys though..

 

[IntactDev]

I think that means in querys though..

It's for all MeekroDB functions; also that's a MySQL library, not a MySQLi.

 

[Weasel]

I think that means in querys though..

How else do you want to SQL inject then?

 

[Trinix]

It's for all MeekroDB functions; also that's a MySQL library, not a MySQLi.

Nope:

      $this->current_db = $this->dbName;
      $mysql = new mysqli($this->host, $this->user, $this->password, $this->dbName, $this->port);

 

[Lionches]

It's for all MeekroDB functions; also that's a MySQL library, not a MySQLi.

It's MySQLi.

You must be registered for see links

I don't know, try looking through the class to see if you can find any secure function somewhere.

 

[Ecko]

$this->escape($_GET['p']);

from the meekrodb class:

  public function escape($str) {
    $db = $this->get();
    return $db->real_escape_string($str);
  }