function _coder_security_sql_var_warning in Coder 6

Same name and namespace in other branches
- 5.2 includes/coder_security.inc _coder_security_sql_var_warning()
- 6.2 includes/coder_security.inc _coder_security_sql_var_warning()

1 string reference to '_coder_security_sql_var_warning'
- coder_security_reviews in includes/coder_security.inc - Implementation of hook_reviews().

File
- includes/coder_security.inc, line 96 - This include file implements coder functionality for Drupal Standards.

Code
/**
 * Returns the warning rendered when a PHP variable is interpolated into a
 * db_query() SQL string instead of being passed through a placeholder.
 */
function _coder_security_sql_var_warning() {
  return array(
    '#warning' => t('In SQL strings, use !db_query() placeholders in place of variables. This is a potential source of SQL injection attacks when the variable can come from user data.', array(
      '!db_query' => theme('drupalapi', 'db_query'),
    )),
    '#link' => 'http://drupal.org/writing-secure-code',
    '#description' => t('Use %s and %d variable substitution. When inserting an array of values use <code>$placeholders = implode(\',\', array_fill(0, count($args), "\'%s\'"));</code>'),
  );
}
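The warning above is easier to act on with the flagged pattern and the recommended one side by side. The following is an added example, not code from the Coder module or from Drupal core. `db_query_stub()` and `escape_string_stub()` are constructed stand-ins that imitate how Drupal 6's `db_query()` expands `%d` and `%s` (integer cast and string escaping); they never touch a database, and they leave the `{table}` prefix braces alone. The input strings are constructed for the demonstration.

```php
<?php
// Added example (not part of Coder or Drupal). Shows the interpolation pattern
// the review flags next to the %s / %d placeholder form it recommends,
// including the array-of-values idiom from the warning's description.

// Stand-in for db_escape_string(): escapes quotes, backslashes and a few
// control characters the way a driver-level escape function would.
function escape_string_stub($value) {
  return addcslashes((string) $value, "\x00\n\r\\'\"\x1a");
}

// Stand-in that mimics Drupal 6 db_query() placeholder expansion:
//   %d -> value cast to int, %s -> escaped string, %% -> literal %.
// Arguments are consumed left to right, one per placeholder.
function db_query_stub($query, array $args) {
  $i = 0;
  return preg_replace_callback('/%([ds%])/', function ($m) use (&$i, $args) {
    switch ($m[1]) {
      case '%':
        return '%';
      case 'd':
        return (string) (int) $args[$i++];
      case 's':
        return escape_string_stub($args[$i++]);
    }
  }, $query);
}

// Constructed user-controlled input containing a quote.
$name = "o'reilly";

// 1. Pattern the review warns about: the variable lands in the SQL string
//    verbatim, so any quote in it changes the query's structure.
$flagged = "SELECT uid FROM {users} WHERE name = '$name'";

// 2. Recommended form: the placeholder is quoted in the query text and the
//    value travels as an argument, so the quote is escaped, not interpreted.
$with_placeholder = db_query_stub(
  "SELECT uid FROM {users} WHERE name = '%s'",
  array($name)
);

// 3. %d needs no quotes; anything that is not an integer is cast, so a
//    non-numeric tail of the input cannot reach the query.
$uid_input = "42abc";
$with_int = db_query_stub(
  "SELECT name FROM {users} WHERE uid = %d",
  array($uid_input)
);

// 4. Array of values: one quoted %s per element, exactly the implode()/
//    array_fill() idiom from the warning's description.
$nids = array(3, "5'", 8);
$placeholders = implode(',', array_fill(0, count($nids), "'%s'"));
$with_in = db_query_stub(
  "SELECT title FROM {node} WHERE nid IN ($placeholders)",
  $nids
);

print $flagged . "\n";
print $with_placeholder . "\n";
print $with_int . "\n";
print $with_in . "\n";
```

Running it shows the first query with the raw quote embedded and the other three with the value escaped or cast. In Drupal 6 the same array case can also be written with the core helper `db_placeholders($nids, 'int')`, which builds the `%d` list for you; the implode form shown here is the one this warning's description recommends.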