Jump to content

Do Joomla's "insertObject()" & "updateObject()" prevent injection?


tqla

Recommended Posts

Hello,

 

Do Joomla's "insertObject()" and updateObject() functions also prevent injection attacks?

 

Or, do I still need to incorporate "mysql_real_escape_string()"?

 

I can't find any mention of this in Joomla documentation.

 

:confused:

 

Working Example of insertObject():

$data =new stdClass();
$data->UserID = $UserID;
$data->Address1 = $_POST['Address1'];
$data->Address2 = $_POST['Address2'];
$data->City = $_POST['City'];
$data->State = $_POST['State'];
$data->Zip = $_POST['Zip'];
$data->Country = $_POST['Country'];

$db =& JFactory::getDBO();
$db->insertObject('#__my_table', $data, UserID);

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.