I see a problem here and please correct me if I'm wrong, as I have not actually tested this code. It appears that you are building your SQL queries directly from the POST data without any sanitization. This easily introduces SQL injection vulnerabilities into your code. In your case it looks like prepared statements aren't going to work, so I would suggest using a white-list of safe values and checking against that. Even if this is meant only for a developer to use and not public facing, you should always assume the input is malicious and protect against it.

Thanks,
Derek

On Mon, Dec 1, 2014 at 11:42 PM, Farzan Dalaee <farzan.dalaee@xxxxxxxxx> wrote:
> Hi all
> My open source tree view project on GitHub
> Feel free to use it
> https://github.com/farzandalaee/FDTreeView
>
> Best Regards
> Farzan Dalaee
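
The white-list check suggested in the reply above, as an added example that is not part of the thread and not FDTreeView's code. It assumes the POST data supplies a table name and sort column, which cannot be bound as statement parameters; the table, column and field names are hypothetical, and the sample rows and requests are constructed.

```python
import sqlite3

# Assumption: identifiers arrive in POST data. These names are hypothetical.
ALLOWED_TABLES = {"tree_nodes"}
ALLOWED_COLUMNS = {"id", "parent_id", "title"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_children_query(post):
    """Return (sql, params) for a child-node listing, or raise ValueError."""
    table = post.get("table", "")
    order_by = post.get("order_by", "id")
    direction = post.get("direction", "ASC").upper()
    if table not in ALLOWED_TABLES:
        raise ValueError("table not allowed")
    if order_by not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed")
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("direction not allowed")
    # Identifiers come only from the allow-lists; the value is still bound.
    sql = (f'SELECT id, title FROM "{table}" WHERE parent_id = ? '
           f'ORDER BY "{order_by}" {direction}')
    # int() raises ValueError on a non-numeric parent_id.
    return sql, (int(post.get("parent_id", 0)),)


def fetch_children(conn, post):
    sql, params = build_children_query(post)
    return conn.execute(sql, params).fetchall()


def demo():
    """Run one accepted and one rejected request against constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tree_nodes "
                 "(id INTEGER PRIMARY KEY, parent_id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO tree_nodes VALUES (?, ?, ?)",
                     [(1, 0, "root"), (2, 1, "b-child"), (3, 1, "a-child")])
    good = {"table": "tree_nodes", "parent_id": "1", "order_by": "title"}
    bad = dict(good, order_by="title; DROP TABLE tree_nodes")
    rows = fetch_children(conn, good)
    try:
        fetch_children(conn, bad)
        rejected = False
    except ValueError:
        rejected = True
    return rows, rejected


if __name__ == "__main__":
    print(demo())
```

The request is rejected before any SQL text is assembled, so nothing from the POST body reaches the query string except names already present in the allow-lists.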