function _coder_security_sql_var_warning in Coder 6

Same name and namespace in other branches
  1. 5.2 includes/coder_security.inc _coder_security_sql_var_warning()
  2. 6.2 includes/coder_security.inc _coder_security_sql_var_warning()
1 string reference to '_coder_security_sql_var_warning'
coder_security_reviews in includes/coder_security.inc
Implementation of hook_reviews().

File

includes/coder_security.inc, line 96
This include file implements coder functionality for Drupal Standards.

Code

function _coder_security_sql_var_warning() {
  return array(
    '#warning' => t('In SQL strings, Use !db_query() placeholders in place of variables.  This is a potential source of SQL injection attacks when the variable can come from user data.', array(
      '!db_query' => theme('drupalapi', 'db_query'),
    )),
    '#link' => 'http://drupal.org/writing-secure-code',
    '#description' => t('Use %s and %d variable substitution.  When inserting an array of values use <code>$placeholders = implode(\',\', array_fill(0, count($args), "\'%s\'"));</code>'),
  );
}
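The pattern this warning flags and the placeholder form its description recommends, as an added illustration written against the Drupal 6 db_query() API (not Coder's own code). It assumes a bootstrapped Drupal 6 site; $uid, $name and $roles are constructed sample values.

```php
<?php
// Constructed sample input. In real code these values may originate from the request,
// which is exactly the situation the Coder warning is about.
$uid   = 42;
$name  = "o'neil";
$roles = array('editor', 'reviewer', 'admin');

// Flagged by _coder_security_sql_var_warning(): variables are interpolated straight
// into the SQL string, so a quote character in $name changes the query structure.
$vulnerable_sql = "SELECT uid FROM {users} WHERE uid = $uid AND name = '$name'";

// Recommended form: %d for integers, %s for strings. db_query() casts %d arguments
// to int and escapes %s arguments before substituting them into the query.
$result = db_query("SELECT uid FROM {users} WHERE uid = %d AND name = '%s'", $uid, $name);

// For an IN (...) list, build one quoted %s placeholder per value as the '#description'
// string suggests, then pass the values array as the argument list.
$placeholders = implode(',', array_fill(0, count($roles), "'%s'"));
$result = db_query("SELECT DISTINCT ur.uid FROM {users_roles} ur INNER JOIN {role} r ON ur.rid = r.rid WHERE r.name IN ($placeholders)", $roles);
// $placeholders is "'%s','%s','%s'" for three roles; each value is still escaped by db_query().
```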