Update 04_Secure_Coding.md

Fix(Format): Warning format missing entry tag.
LiamKearn 2021-07-30 20:50:40 +10:00 committed by GitHub
parent d68a50aeaa
commit ed78b60479
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -94,6 +94,7 @@ Example:
$members = Member::get()->where(sprintf('"Name" = %s', Convert::raw2sql($_GET['name'], true))); $members = Member::get()->where(sprintf('"Name" = %s', Convert::raw2sql($_GET['name'], true)));
``` ```
[warning]
It is NOT good practice to "be sure" and convert the data passed to the functions above manually. This might It is NOT good practice to "be sure" and convert the data passed to the functions above manually. This might
result in *double escaping* and alters the actually saved data (e.g. by adding slashes to your content). result in *double escaping* and alters the actually saved data (e.g. by adding slashes to your content).
[/warning] [/warning]
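Review bot: The two unchanged lines inside the callout that the added [warning] tag now opens read "This might result in *double escaping* and alters the actually saved data"; the verb should be "alter" to agree with "might", and since this commit already touches the callout it is a natural place to fix that. The hunk repairs only this one callout, so it is also worth checking the rest of 04_Secure_Coding.md for any other closing [/warning] tag that lacks its opening tag.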