4.7 Demonstrate ability to analyze and resolve security issues arising from site configuration or cu
Review SQL injection and, more specifically, examples of query syntax that is written correctly so that it is not vulnerable to SQL injection.
Examples from . Use the database abstraction layer to avoid SQL injection attacks.
Use the database layer correctly. For example, never concatenate data directly into SQL queries.
Don't do this:
Instead, pass the values as query arguments to db_query(). The DB layer works on top of PHP PDO and takes an array of named placeholders; the values are bound as parameters and are never parsed as SQL, so quotes or comment sequences in user input cannot change the structure of the query:
Do This:
For a variable number of arguments, use an array placeholder (a placeholder name ending in []) or use db_select(), which builds and quotes the query for you. Placeholders can only carry values: table and column names, and the direction of an ORDER BY, cannot be parameterized, so validate them against an allow-list or use the connection's escapeTable() and escapeField() methods. Likewise, user input that ends up inside a LIKE pattern must be passed through escapeLike() so that % and _ are treated as literal characters.
db_query() is deprecated in Drupal 8 and is removed in Drupal 9. Instead, obtain a database connection object (the injected database service, or \Drupal::database() in procedural code) and call its query() method; the parameters are the same as for db_query().
Another example of proper syntax.
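The following is an added, illustrative example, not code from this page or from Drupal's own documentation. It assumes Drupal 8 or later with the core Database API, with the connection object coming from the injected database service or \Drupal::database(). The function names and the sample values ($title, $types, $fragment, $sort, $dir) are hypothetical and constructed for the demonstration. It shows the concatenation anti-pattern next to the placeholder and select() forms described above, including the array placeholder for a variable number of values, and then the two cases placeholders do not cover: LIKE wildcards and identifiers in ORDER BY. The legacy db_query($sql, $args) takes the same two arguments as $connection->query() here.

```php
<?php
// Added illustrative example (not from the original page or Drupal's docs).
// Assumes Drupal 8+ with the core Database API; $connection is the injected
// 'database' service, or \Drupal::database() in procedural code.
// Function names and the request values they receive are constructed for
// this demo. {node_field_data} is the core node table (the braces let the
// DB layer apply the configured table prefix).

use Drupal\Core\Database\Connection;

/**
 * WRONG: string concatenation. A title such as
 *   ' OR 1=1 --
 * closes the quoted literal, turns the WHERE clause into a tautology and
 * returns every node; a UNION payload could read other tables.
 */
function lookup_nodes_unsafe(Connection $connection, string $title) {
  $sql = "SELECT nid, title FROM {node_field_data} WHERE title = '" . $title . "'";
  return $connection->query($sql)->fetchAll();
}

/**
 * RIGHT: named placeholder. The value is handed to PDO as a bound parameter
 * and is never parsed as SQL, so quotes or comments in $title are harmless.
 */
function lookup_nodes_safe(Connection $connection, string $title) {
  $sql = "SELECT nid, title FROM {node_field_data} WHERE title = :title";
  return $connection->query($sql, [':title' => $title])->fetchAll();
}

/**
 * Variable number of values: the "[]" suffix on a placeholder name makes the
 * Database API expand an array into one bound placeholder per element.
 */
function lookup_nodes_by_types(Connection $connection, array $types) {
  $sql = "SELECT nid, title FROM {node_field_data} WHERE type IN (:types[])";
  return $connection->query($sql, [':types[]' => $types])->fetchAll();
}

/**
 * The same query with the select() builder, which quotes values itself and
 * is the preferred form when the set of conditions is built dynamically.
 */
function lookup_nodes_by_types_select(Connection $connection, array $types) {
  return $connection->select('node_field_data', 'n')
    ->fields('n', ['nid', 'title'])
    ->condition('n.type', $types, 'IN')
    ->execute()
    ->fetchAll();
}

/**
 * Caveat 1: LIKE wildcards are data too. escapeLike() neutralises % and _
 * inside the user-supplied fragment; the surrounding % are the wildcards we
 * intend, and the whole pattern is still bound as a placeholder value.
 */
function search_nodes(Connection $connection, string $fragment) {
  $sql = "SELECT nid, title FROM {node_field_data} WHERE title LIKE :pattern";
  $pattern = '%' . $connection->escapeLike($fragment) . '%';
  return $connection->query($sql, [':pattern' => $pattern])->fetchAll();
}

/**
 * Caveat 2: placeholders only bind values. A column name and a sort direction
 * cannot be parameterised, so they are checked against an allow-list before
 * being spliced into the query; anything else falls back to a safe default.
 */
function list_nodes_sorted(Connection $connection, string $sort, string $dir) {
  $allowed_columns = ['nid', 'title', 'created'];
  if (!in_array($sort, $allowed_columns, TRUE)) {
    $sort = 'created';
  }
  $dir = strtoupper($dir) === 'ASC' ? 'ASC' : 'DESC';
  return $connection->select('node_field_data', 'n')
    ->fields('n', ['nid', 'title'])
    ->orderBy('n.' . $sort, $dir)
    ->execute()
    ->fetchAll();
}
```

A quick check when reviewing a module: grep for query() or db_query() calls whose first argument contains a "." concatenation or an interpolated "$" variable; every such hit should be either a placeholder or an identifier that has been allow-listed as in list_nodes_sorted().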