Search the Community
Showing results for tags 'injections'.
Hello forum, this is my first security related post, so I'm a bit of a newbie. I understand that when I have direct front-input from user I should sanitize the input, but how about when I use a secret key for showing a API for a third-party supplier? Should I sanitize the input->get() key? I've tested this issue and I tried ?key=<?php echo $page->field; ?> And without adding any sanitization it comes back: /?key=<?php%20echo%20$page->field;%20?> So can I rely on this, or should I still use $sanitizer just in case? Thanks for the help!
Hey, My company asked me how Processwire handles SQL Injections, i was quite sure this was done somewhere but after some scanning through the code and the documentation. I noticed I couldn't really find an answer to the question. Because security is a big issue I would like to ask where and how processwire handles SQL injections? Big thanks! Greetings, Harm.