From 42fd17af6e5bd521fb964008561790275a1bc1be Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Thu, 30 Jul 2009 12:22:29 +0000
Subject: [PATCH] Escape data inside queries
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@286556 c90b9560-bf6c-de11-be94-00142212c4b1
---
reference/dbx/functions/dbx-query.xml | 4 ++++
reference/ingres-ii/functions/ingres-query.xml | 4 ++++
reference/ingres-ii/functions/ingres-unbuffered-query.xml | 4 ++++
reference/mysql/functions/mysql-db-query.xml | 4 ++++
reference/mysql/functions/mysql-query.xml | 2 ++
reference/mysql/functions/mysql-unbuffered-query.xml | 4 ++++
reference/mysqli/mysqli/multi-query.xml | 4 ++++
reference/mysqli/mysqli/query.xml | 4 ++++
reference/mysqli/mysqli/real-query.xml | 4 ++++
reference/pdo/pdo/exec.xml | 4 ++++
reference/pdo/pdo/query.xml | 4 ++++
reference/pgsql/functions/pg-query.xml | 4 ++++
reference/pgsql/functions/pg-send-query.xml | 4 ++++
reference/sqlite/functions/sqlite-array-query.xml | 4 ++++
reference/sqlite/functions/sqlite-exec.xml | 4 ++++
reference/sqlite/functions/sqlite-query.xml | 4 ++++
reference/sqlite/functions/sqlite-unbuffered-query.xml | 4 ++++
17 files changed, 66 insertions(+)
diff --git a/reference/dbx/functions/dbx-query.xml b/reference/dbx/functions/dbx-query.xml
index 0d1c8244a3..47f05a6514 100644
--- a/reference/dbx/functions/dbx-query.xml
+++ b/reference/dbx/functions/dbx-query.xml
@@ -35,6 +35,10 @@ SQL statement. + + Data inside the query should be properly escaped. +
diff --git a/reference/ingres-ii/functions/ingres-query.xml b/reference/ingres-ii/functions/ingres-query.xml
index 45dad97d78..0d8c3a3aed 100644
--- a/reference/ingres-ii/functions/ingres-query.xml
+++ b/reference/ingres-ii/functions/ingres-query.xml
@@ -61,6 +61,10 @@ A valid SQL query (see the Ingres SQL reference guide) in the Ingres documentation. + + Data inside the query should be properly escaped. + The following types of SQL queries cannot be sent with this function:
diff --git a/reference/ingres-ii/functions/ingres-unbuffered-query.xml b/reference/ingres-ii/functions/ingres-unbuffered-query.xml
index 802b638df8..27e3ec69d7 100644
--- a/reference/ingres-ii/functions/ingres-unbuffered-query.xml
+++ b/reference/ingres-ii/functions/ingres-unbuffered-query.xml
@@ -70,6 +70,10 @@ statements that cannot be executed via ingres_unbuffered_query. + + Data inside the query should be properly escaped. +
diff --git a/reference/mysql/functions/mysql-db-query.xml b/reference/mysql/functions/mysql-db-query.xml
index c52ffc4f00..de9d48d1a0 100644
--- a/reference/mysql/functions/mysql-db-query.xml
+++ b/reference/mysql/functions/mysql-db-query.xml
@@ -38,6 +38,10 @@ The MySQL query. + + Data inside the query should be properly escaped. + &mysql.linkid.description;
diff --git a/reference/mysql/functions/mysql-query.xml b/reference/mysql/functions/mysql-query.xml
index f4950acee5..f7cff7eb01 100644
--- a/reference/mysql/functions/mysql-query.xml
+++ b/reference/mysql/functions/mysql-query.xml
@@ -33,6 +33,8 @@ The query string should not end with a semicolon. + Data inside the query should be properly escaped.
diff --git a/reference/mysql/functions/mysql-unbuffered-query.xml b/reference/mysql/functions/mysql-unbuffered-query.xml
index 84fa3fb466..80f79d4213 100644
--- a/reference/mysql/functions/mysql-unbuffered-query.xml
+++ b/reference/mysql/functions/mysql-unbuffered-query.xml
@@ -38,6 +38,10 @@ A SQL query + + Data inside the query should be properly escaped. + &mysql.linkid.description;
diff --git a/reference/mysqli/mysqli/multi-query.xml b/reference/mysqli/mysqli/multi-query.xml
index 8388741c84..acf6bdde2a 100644
--- a/reference/mysqli/mysqli/multi-query.xml
+++ b/reference/mysqli/mysqli/multi-query.xml
@@ -42,6 +42,10 @@ The query, as a string. + + Data inside the query should be properly escaped. +
diff --git a/reference/mysqli/mysqli/query.xml b/reference/mysqli/mysqli/query.xml
index a2cdf948d8..3064c8115e 100644
--- a/reference/mysqli/mysqli/query.xml
+++ b/reference/mysqli/mysqli/query.xml
@@ -44,6 +44,10 @@ The query string. + + Data inside the query should be properly escaped. +
diff --git a/reference/mysqli/mysqli/real-query.xml b/reference/mysqli/mysqli/real-query.xml
index 41f3c64597..7979783d47 100644
--- a/reference/mysqli/mysqli/real-query.xml
+++ b/reference/mysqli/mysqli/real-query.xml
@@ -42,6 +42,10 @@ The query, as a string. + + Data inside the query should be properly escaped. +
diff --git a/reference/pdo/pdo/exec.xml b/reference/pdo/pdo/exec.xml
index 64c9e7b0da..d93cf0904e 100644
--- a/reference/pdo/pdo/exec.xml
+++ b/reference/pdo/pdo/exec.xml
@@ -39,6 +39,10 @@ The SQL statement to prepare and execute. + + Data inside the query should be properly escaped. +
diff --git a/reference/pdo/pdo/query.xml b/reference/pdo/pdo/query.xml
index cd134089f4..3a7bafc145 100644
--- a/reference/pdo/pdo/query.xml
+++ b/reference/pdo/pdo/query.xml
@@ -76,6 +76,10 @@ The SQL statement to prepare and execute. + + Data inside the query should be properly escaped. +
diff --git a/reference/pgsql/functions/pg-query.xml b/reference/pgsql/functions/pg-query.xml
index 5201e565e0..b3149cd95e 100644
--- a/reference/pgsql/functions/pg-query.xml
+++ b/reference/pgsql/functions/pg-query.xml
@@ -64,6 +64,10 @@ they are automatically executed as one transaction, unless there are explicit BEGIN/COMMIT commands included in the query string. However, using multiple transactions in one function call is not recommended. + + Data inside the query should be properly escaped. +
diff --git a/reference/pgsql/functions/pg-send-query.xml b/reference/pgsql/functions/pg-send-query.xml
index 48d2c5b8e4..aa82c35e20 100644
--- a/reference/pgsql/functions/pg-send-query.xml
+++ b/reference/pgsql/functions/pg-send-query.xml
@@ -55,6 +55,10 @@ The SQL statement or statements to be executed. + + Data inside the query should be properly escaped. +
diff --git a/reference/sqlite/functions/sqlite-array-query.xml b/reference/sqlite/functions/sqlite-array-query.xml
index b63de9c4f3..78d1df8f48 100644
--- a/reference/sqlite/functions/sqlite-array-query.xml
+++ b/reference/sqlite/functions/sqlite-array-query.xml
@@ -61,6 +61,10 @@ The query to be executed. + + Data inside the query should be properly escaped. +
diff --git a/reference/sqlite/functions/sqlite-exec.xml b/reference/sqlite/functions/sqlite-exec.xml
index 9f9215c74c..40cd6e55d6 100644
--- a/reference/sqlite/functions/sqlite-exec.xml
+++ b/reference/sqlite/functions/sqlite-exec.xml
@@ -63,6 +63,10 @@ The query to be executed. + + Data inside the query should be properly escaped. +
diff --git a/reference/sqlite/functions/sqlite-query.xml b/reference/sqlite/functions/sqlite-query.xml
index afc7c31c66..7f5524158f 100644
--- a/reference/sqlite/functions/sqlite-query.xml
+++ b/reference/sqlite/functions/sqlite-query.xml
@@ -59,6 +59,10 @@ The query to be executed. + + Data inside the query should be properly escaped. +
diff --git a/reference/sqlite/functions/sqlite-unbuffered-query.xml b/reference/sqlite/functions/sqlite-unbuffered-query.xml
index 6cee52bbd7..6f37875153 100644
--- a/reference/sqlite/functions/sqlite-unbuffered-query.xml
+++ b/reference/sqlite/functions/sqlite-unbuffered-query.xml
@@ -75,6 +75,10 @@ The query to be executed. + + Data inside the query should be properly escaped. +