    Hey there.

    So I have a getResources call, which takes an argument from the query string and puts it as the "where" parameter. Do I need to do some mysql_real_escape_string stuff, or does getResources sanitize all parameters? There’s nothing about it in the documentation and I really don’t want to go and check the source code :)

    Thanks!
    • Quote from: rav3n at Oct 16, 2010, 07:44 PM

      Hey there.

      So I have a getResources call, which takes an argument from the query string and puts it as the "where" parameter. Do I need to do some mysql_real_escape_string stuff, or does getResources sanitize all parameters? There’s nothing about it in the documentation and I really don’t want to go and check the source code :)

      Thanks!
      MODx Revolution and its underlying database layer, xPDO, use PDO prepared statements for executing queries, which automatically sanitizes user input variables. You do not need to do any manual sanitization.
        That’s really cool news! Guess I better go read the xPDO docs :)
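
The PDO behaviour discussed in this thread, as an added example that is not part of the original posts and is not MODx or xPDO code. It uses plain PDO with an in-memory SQLite database (assumes the pdo_sqlite extension); the table, the input string and the helper `findResources()` are constructed for illustration. A bound parameter covers the value only, so a column name taken from the query string is checked against an allow-list instead.

```php
<?php
// Added example: constructed table and inputs, plain PDO (not xPDO).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE resources (id INTEGER PRIMARY KEY, pagetitle TEXT, published INTEGER)');
$pdo->exec("INSERT INTO resources (pagetitle, published) VALUES ('Home', 1), ('Draft', 0)");

// Hypothetical helper: the column comes from an allow-list, the value is bound.
function findResources(PDO $pdo, string $column, string $value): array
{
    $allowed = ['pagetitle', 'published'];
    if (!in_array($column, $allowed, true)) {
        // Identifiers cannot be bound as parameters, so reject unknown ones.
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    $stmt = $pdo->prepare("SELECT pagetitle FROM resources WHERE $column = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed query-string value containing SQL syntax.
$input = "Home' OR '1'='1";

// Concatenated into the SQL text, the quote ends the literal and the
// OR clause becomes part of the statement: every row matches.
$concatenated = $pdo
    ->query("SELECT pagetitle FROM resources WHERE pagetitle = '$input'")
    ->fetchAll(PDO::FETCH_COLUMN);
echo 'concatenated: ', json_encode($concatenated), PHP_EOL; // ["Home","Draft"]

// Bound as a parameter, the same string is compared as data: no title
// equals it, so nothing is returned.
echo 'bound:        ', json_encode(findResources($pdo, 'pagetitle', $input)), PHP_EOL; // []
echo 'bound (Home): ', json_encode(findResources($pdo, 'pagetitle', 'Home')), PHP_EOL; // ["Home"]

// A column name supplied by the request is structure, not a value.
try {
    findResources($pdo, 'published = 1 OR 1', '1');
} catch (InvalidArgumentException $e) {
    echo 'rejected:     ', $e->getMessage(), PHP_EOL;
}
```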