MODx Revolution and its underlying database layer, xPDO, use PDO prepared statements for executing queries, which automatically sanitize user input variables. You do not need to do any manual sanitization.
Hey there.
So I have a getResources call, which takes an argument from the query string and puts it as the "where" parameter. Do I need to do some mysql_real_escape_string stuff, or does getResources sanitize all parameters? There's nothing about it in the documentation and I really don't want to go and check the source code.
Thanks!