Dear friends,
I developed a complex form which uses external libraries to store the code. As the last step I wanted to run an SC macro, sc_exec_sql($updateSql); however this is not recognised as a valid function.
Is this a limitation of external libraries? If so, what is a workaround? Or should I use an internal library?
Yes, external libraries cannot use SC macros.
To perform SQL queries/actions in SC external libraries I do the following:
- in the app: pass the $this->Db object as a parameter to the external lib function
- in the external lib: use ADOdb syntax on the passed db object
e.g.
in the app

```php
$updateSql = "UPDATE …";
my_function($this->Db, $updateSql);
```

in the external library

```php
function my_function($o_db, $updateSql)
{
    // $o_db is the ADOdb connection passed in from the app ($this->Db)
    $o_db->Execute($updateSql);
}
```
Thank you very much, this is exactly what I was looking for. It works now!
I just expect one vulnerability with this approach: we need to additionally check the SQL for possible injection.
This is what SC does if we run SQL via a macro, but direct Execute does not do that check, I expect.
According to ChatGPT:
(not tested and, as always with AI answers, it could be 100% wrong…)
### ADODB-Specific Protection Against SQL Injection
Here are the key ADODB functions and techniques that help you prevent SQL injection:
Execute($sql, $params)
- This is your go-to method for safe queries.
- Use `?` placeholders in your SQL and pass user input as an array.

```php
$sql = "SELECT * FROM users WHERE username = ? AND status = ?";
$params = [$_POST['username'], $_POST['status']];
$rs = $db->Execute($sql, $params);
```
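Putting the two answers together (the pass-$this->Db pattern and the parameterised Execute), here is an added example of what an external-library function can look like when it has to run an UPDATE on caller-supplied values. This is not code from the thread, from Scriptcase or from ADOdb; the function names update_user_status_unsafe()/update_user_status(), the `users` table and its `status`/`id` columns are assumed for illustration. Only Execute(), ErrorMsg() and Affected_Rows() are real ADOdb connection methods.

```php
<?php
// Added example (not from the thread or the Scriptcase/ADOdb projects).
// Assumed: hypothetical table `users` with columns `status` and `id`.

// --- external library ---

// Unsafe variant: the values are spliced into the SQL text, so whatever the
// caller passes becomes part of the statement. This is the shape the earlier
// reply warns about when the query is built from form input.
function update_user_status_unsafe($o_db, $status, $id)
{
    $sql = "UPDATE users SET status = '" . $status . "' WHERE id = " . $id;
    return $o_db->Execute($sql);
}

// Safe variant: `?` placeholders, values handed to ADOdb separately so the
// driver binds or quotes them; the SQL text never changes with the input.
function update_user_status($o_db, $status, $id)
{
    $sql = "UPDATE users SET status = ? WHERE id = ?";
    $ok  = $o_db->Execute($sql, [(string) $status, (int) $id]);
    if ($ok === false) {
        // ADOdb returns false on failure; surface the driver message to the caller
        throw new RuntimeException('UPDATE failed: ' . $o_db->ErrorMsg());
    }
    return $o_db->Affected_Rows();
}

// --- in the Scriptcase app (e.g. an onAfterUpdate event) ---
// $this->Db is the ADOdb connection Scriptcase already holds open, so the
// external library needs no connection details of its own:
//
//   $rows = update_user_status($this->Db, $_POST['status'] ?? '', $_POST['id'] ?? 0);
```

The cast to int on `$id` is a cheap extra guard that also documents the expected type; the placeholder binding is what actually keeps the input out of the SQL grammar, so keep the whole statement in the library and pass only values, never SQL fragments, from the app.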