[ List Earliest Comments Only For Pages | Games | Rated Pages | Rated Games | Subjects of Discussion ]
Check out Janggi (Korean Chess), our featured variant for December, 2024.
Check out Janggi (Korean Chess), our featured variant for December, 2024.
I just wrote another function called valid_column_name(). It takes a table name and a column name as its two arguments, and it returns whether the column name is the name of a column in that table. To avoid redundancy, it does not check whether the table name is valid. This should have already been done with valid_table_name. Using these two functions inside of table_row(), table_rows(), and get_field(), these functions for reading the database should now be immune to SQL injection from user input.