July 19 2014

Joomla prevent SQL injections in custom query

A custom query in Joomla does not protect you from SQL injection on its own, so we need to escape the values we put into the query.

In Joomla we can use $db->quote($param) to prevent SQL injection in a custom query.

An example of the query:

$db = JFactory::getDbo();
// quote() escapes each value and wraps it in single quotes, so each call must be
// concatenated into the SQL string rather than written inside the double-quoted string.
$query = "INSERT INTO `table` (`username`, `password`) VALUES (" . $db->quote($username) . ", " . $db->quote($password) . ")";
$db->setQuery($query);
$db->query();

You do not need to add the single quote characters around the value yourself, because quote() adds them for you together with the escaping.
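The same rule applied to an insert and a select through Joomla's query builder, as an added example that is not code from the original post. It assumes Joomla 3.x, and the table `#__my_table` with its `id`, `username` and `password` columns is a hypothetical placeholder.

```php
<?php
// Added example (not from the original post). Table and column names are
// hypothetical placeholders; the `#__` prefix is replaced by Joomla.
defined('_JEXEC') or die;

$db = JFactory::getDbo();

// UNSAFE: the input is pasted into the SQL string verbatim, so a quote
// character in $username or $password changes the structure of the query.
// Shown for comparison only; it is never executed here.
$unsafe = "INSERT INTO `#__my_table` (`username`, `password`)"
        . " VALUES ('$username', '$password')";

// SAFE: quote() escapes a value and wraps it in quotes; quoteName() does the
// same for table and column names, which quote() must not be used for.
$query = $db->getQuery(true)
    ->insert($db->quoteName('#__my_table'))
    ->columns($db->quoteName(array('username', 'password')))
    ->values($db->quote($username) . ', ' . $db->quote($password));
$db->setQuery($query);
$db->execute();

// WHERE clauses need the same treatment. A value that must be an integer is
// cast instead of quoted, so only digits ever reach the SQL.
$query = $db->getQuery(true)
    ->select($db->quoteName(array('id', 'username')))
    ->from($db->quoteName('#__my_table'))
    ->where($db->quoteName('username') . ' = ' . $db->quote($username))
    ->where($db->quoteName('id') . ' = ' . (int) $id);
$db->setQuery($query);
$rows = $db->loadObjectList();
```

quote() only protects values; identifiers go through quoteName() and ORDER BY or LIMIT fragments built from user input must be validated against a whitelist or cast, since quoting them would not help.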
