Move mysqli SQL injection warning to a snippet (#703)

Kamil Tekiela 2021-07-12 15:08:55 +01:00 committed by GitHub
parent eedb233402
commit 3d34df4084
4 changed files with 10 additions and 25 deletions


@ -1676,6 +1676,13 @@ linkend="book.mysqlnd">mysqlnd</link>.'>
hand-shake/authentication, which mysqlnd will use.</para><para>Libmysqlclient uses the default charset set in the
<filename>my.cnf</filename> or by an explicit call to <function>mysqli_options</function> prior to
calling <function>mysqli_real_connect</function>, but after <function>mysqli_init</function>.</para></note>'>
<!ENTITY mysqli.sqlinjection.warning '<warning xmlns="http://docbook.org/ns/docbook">
<title>Security warning: SQL injection</title><para>If the query contains any variable
input then <link linkend="mysqli.quickstart.prepared-statements">parameterized
prepared statements</link> should be used instead. Alternatively, the
data must be properly formatted and all strings must be escaped using
the <function>mysqli_real_escape_string</function>
function.</para></warning>'>
<!-- Notes for SAPI/Apache -->
<!ENTITY apache.req.module '<simpara xmlns="http://docbook.org/ns/docbook">This function is supported when PHP


@ -42,9 +42,7 @@
<para>
The query, as a string.
</para>
<para>
Data inside the query should be <link linkend="mysqli.real-escape-string">properly escaped</link>.
</para>
&mysqli.sqlinjection.warning;
</listitem>
</varlistentry>
</variablelist>
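Review bot: The `&mysqli.sqlinjection.warning;` reference introduced here (and in the two following file sections) pulls in text that presents escaping with `mysqli_real_escape_string` as a general alternative to prepared statements, but that function only protects values placed inside quoted string literals in the query; an unquoted numeric value, a table or column name, or a LIKE pattern is not made safe by it. Since the wording now lives in one place, the caveat belongs in the `mysqli.sqlinjection.warning` entity defined in the first hunk rather than in each page, for example adding after the last sentence: `Escaping only protects values placed inside quoted string literals; numeric values and identifiers must be validated separately.` The removed paragraph in this hunk linked to `mysqli.real-escape-string` directly, so it may also be worth confirming that the `<function>` element in the snippet resolves to the same page in the rendered output.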


@ -77,17 +77,7 @@
<para>
The query string.
</para>
<warning>
<title>Security warning: SQL injection</title>
<para>
If the query contains any variable input then
<link linkend="mysqli.quickstart.prepared-statements">parameterized
prepared statements</link> should be used instead. Alternatively, the
data must be properly formatted and all strings must be escaped using
the <function>mysqli_real_escape_string</function>
function.
</para>
</warning>
&mysqli.sqlinjection.warning;
</listitem>
</varlistentry>
<varlistentry>


@ -42,17 +42,7 @@
<para>
The query string.
</para>
<warning>
<title>Security warning: SQL injection</title>
<para>
If the query contains any variable input then
<link linkend="mysqli.quickstart.prepared-statements">parameterized
prepared statements</link> should be used instead. Alternatively, the
data must be properly formatted and all strings must be escaped using
the <function>mysqli_real_escape_string</function>
function.
</para>
</warning>
&mysqli.sqlinjection.warning;
</listitem>
</varlistentry>
</variablelist>