tqla Posted December 12, 2010 Share Posted December 12, 2010 Hello, Do Joomla's "insertObject()" and updateObject() functions also prevent injection attacks? Or, do I still need to incorporate "mysql_real_escape_string()"? I can't find any mention of this in Joomla documentation. Working Example of insertObject(): $data =new stdClass(); $data->UserID = $UserID; $data->Address1 = $_POST['Address1']; $data->Address2 = $_POST['Address2']; $data->City = $_POST['City']; $data->State = $_POST['State']; $data->Zip = $_POST['Zip']; $data->Country = $_POST['Country']; $db =& JFactory::getDBO(); $db->insertObject('#__my_table', $data, UserID); Link to comment https://forums.phpfreaks.com/topic/221356-do-joomlas-insertobject-updateobject-prevent-injection/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.