SQL injection and other security measurements

  • SQL injection and other security measurements

    There are currently loads of challenges to hack code - or better put - to prevent it. Are there any docs in SC where I can find what measurements have been taken to prevent this? 'Magic quotes', 'mysql-real-escape-string' or pdo prepare, htmlspecialchars, escapeshellcmd/arg etc. I'm asking this because I need to know which additional measurements have to be taken to get the generated applications as safe as possible.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

  • #2
    Re: SQL injection and other security measurements

    Hello,

    SC applications are designed to avoid SQL injections. If you are using macros such as sc_lookup and sc_exec_sql, you can use sc_sql_injection to prevent SQL injections.

    regards,
    Bernhard Bernsmann

    • #3
      Re: SQL injection and other security measurements

      Ok, that's cool. What about the other things?
      Albert Drent
      aducom software netherlands
      scriptcase partner, reseller, support and (turn-key) development
      www.scriptcase.eu / www.scriptcase.nl

      • #4
        Originally posted by aducom:
        "Ok, that's cool. What about the other things?"
        Ya, that SC function does not seem to always be available when needed.
        I'd need the equivalent of: mysqli_real_escape_string
        Or, be able to determine the character set so I can use that.

        Comment


        • #5
          If you need to apply special care then you always have the events of onvalidate and/or onbeforeinsert/update to apply your code to.
          Albert Drent
          aducom software netherlands
          scriptcase partner, reseller, support and (turn-key) development
          www.scriptcase.eu / www.scriptcase.nl
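
The measures named in the first post (PDO prepare, htmlspecialchars, escapeshellarg) each protect a different output context and are not interchangeable. The following is an added example, not Scriptcase code and not part of any post in this thread: it shows a concatenated query beside its prepared form, then the HTML and shell encoders. The table, the function names and the sample values are constructed, and it uses PDO with an in-memory SQLite database so it runs without a server.

```php
<?php
// Constructed sample data in an in-memory SQLite database (runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO customers (name) VALUES ('Alice'), ('Bob')");

// Constructed form value containing quote characters.
$input = "nobody' OR '1'='1";

// Before: the value is concatenated into the SQL text and parsed as SQL.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM customers WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: placeholder plus bound value; the value is only ever data.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM customers WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// HTML context: encode when writing to the page, not when storing.
function htmlOut(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Shell context: quote every argument individually.
function shellCmd(string $file): string
{
    return 'ls -l -- ' . escapeshellarg($file);
}

// The concatenated query matches every row; the prepared one matches none.
printf("concatenated: %d row(s)\n", count(findUnsafe($pdo, $input)));
printf("prepared:     %d row(s)\n", count(findSafe($pdo, $input)));

// The same value is harmless in HTML and in a shell command only after
// the encoder for that context has been applied.
echo htmlOut('<b>' . $input . '</b>'), "\n";
echo shellCmd("my report's.txt"), "\n";
```

Where escaping with mysqli_real_escape_string is used instead of bound parameters, the connection character set has to be set with mysqli_set_charset first, because the escaping depends on it.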
