SQL injection and other security measurements

There are currently loads of challenges to hack code - or better put - to prevent it. Are there some docs in SC where I can find what measurements have been taken to prevent this? ‘Magic quotes’, ‘mysql-real-escape-string’ or pdo prepare, htmlspecialchars, escapeshellcmd/arg etc. I’m asking this because I need to know which additional measurements have to be taken to get the generated applications as safe as possible.

Re: SQL injection and other security measurements

Hello,

SC applications are designed to avoid SQL injections. If you are using macros such as sc_lookup and sc_exec_sql, you can use sc_sql_injection to prevent SQL injections.

regards,
Bernhard Bernsmann

Re: SQL injection and other security measurements

Ok, that’s cool. What about the other things?

Ya, that SC function does not seem to always be available when needed.
I’d need the equivalent of: mysqli_real_escape_string
Or, be able to determine the character set so I can use that.

If you need to apply special care then you always have the events of onvalidate and/or onbeforeinsert/update to apply your code to.