Check out Janggi (Korean Chess), our featured variant for December, 2024.


[ Help | Earliest Comments | Latest Comments ]
[ List All Subjects of Discussion | Create New Subject of Discussion ]
[ List Earliest Comments Only For Pages | Games | Rated Pages | Rated Games | Subjects of Discussion ]

Single Comment

PHP Functions[Subject Thread] [Add Response]
🕸Fergus Duniho wrote on Tue, Apr 24, 2018 03:18 PM UTC:

I just wrote another function called valid_column_name(). It takes a table name and a column name as its two arguments, and it returns whether the column name is the name of a column in that table. To avoid redundancy, it does not check whether the table name is valid. This should have already been done with valid_table_name. Using these two functions inside of table_row(), table_rows(), and get_field(), these functions for reading the database should now be immune to SQL injection from user input.