SQL concatenation bad practice
User data like $_GET['postid'] shouldn’t be concatenated directly into SQL like it is in grid_wp_thegrid.
Bad practice like this means that there’s a fair chance that there is a SQL injection vulnerability somewhere in this plugin.
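
The pattern described in the post above, next to a parameterized form, as an added example that is not part of the original post and not code from the plugin. It assumes a WordPress context where `$wpdb` is loaded; the function names, table name and column names are hypothetical.

```php
<?php
// Added illustration, NOT the plugin's code. Function, table and column
// names are hypothetical. Assumes WordPress is loaded ($wpdb, absint(), wp_unslash()).

// Pattern the post warns about: request data becomes part of the SQL text,
// so whatever the client sends is parsed by the database as SQL.
function example_grid_rows_concatenated() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_grid'; // hypothetical table
    $sql   = "SELECT id, title FROM {$table} WHERE post_id = " . $_GET['postid'];
    return $wpdb->get_results( $sql );
}

// Same lookup with the value validated first and then bound as a parameter.
function example_grid_rows_prepared() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_grid'; // hypothetical table, not user input

    // Reject missing or non-scalar input (for example ?postid[]=1) up front.
    if ( ! isset( $_GET['postid'] ) || ! is_scalar( $_GET['postid'] ) ) {
        return array();
    }

    // absint() reduces the value to a non-negative integer; 0 is not a valid post ID.
    $post_id = absint( wp_unslash( $_GET['postid'] ) );
    if ( 0 === $post_id ) {
        return array();
    }

    // The SQL text is fixed; %d makes prepare() insert the value as an integer.
    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE post_id = %d",
        $post_id
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this issue, searching for `$_GET`, `$_POST` and `$_REQUEST` inside strings passed to `$wpdb->query()`, `get_results()`, `get_row()` or `get_var()` without an intervening `$wpdb->prepare()` finds the same pattern elsewhere.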