Dear Derek

Thanks for your reply. This class is for developers' use; anyone who wants to add changes or add validation to the source, feel free to commit changes. I am really happy to use your expert suggestions.

Best Regards
Farzan Dalaee

On Tue, Dec 2, 2014, 9:50 PM Derek Ellison <derek.isname@xxxxxxxxx> wrote:

> I see a problem here and please correct me if I'm wrong, as I have not
> actually tested this code.
>
> It appears that you are building your SQL queries directly from the POST
> data without any sanitation. This easily introduces SQL injection
> vulnerabilities into your code.
>
> In your case it looks like prepared statements aren't going to work, so I
> would suggest using a white-list of safe values and check against that.
>
> Even if this is meant only for a developer to use and not public facing,
> you should always assume the input is malicious and protect against it.
>
> Thanks,
> Derek
>
>
> On Mon, Dec 1, 2014 at 11:42 PM, Farzan Dalaee <farzan.dalaee@xxxxxxxxx>
> wrote:
>
>> Hi all
>> My open source tree view project on github
>> Feel free to use it
>> https://github.com/farzandalaee/FDTreeView
>>
>> Best Regards
>> Farzan Dalaee
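The pattern Derek describes above (bind values as prepared-statement parameters, and check the parts that cannot be bound, such as table and column names or sort direction, against a fixed white-list) is illustrated below in an added example. It is not code from FDTreeView or from either poster; the table name `tree_nodes`, the column names, the `params` dictionary standing in for POST data, and the helper names are all assumptions made up for the demonstration, and it uses SQLite in memory so it runs offline.

```python
import sqlite3

# Fixed allow-lists for the identifiers that request data is permitted to choose.
# Identifiers cannot be bound as prepared-statement placeholders, so the only
# safe option is to accept them only if they match one of these known values.
# (Hypothetical names for the demo; a real project lists its own schema.)
ALLOWED_TABLES = {"tree_nodes"}
ALLOWED_COLUMNS = {"id", "parent_id", "label", "sort_order"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_query(params):
    """Build a SELECT from request-like parameters (a dict standing in for POST).

    Returns (sql, bound_args). Table, column and direction are checked
    against the allow-lists; parent_id is a value, so it is bound with '?'.
    Anything outside the allow-lists is rejected outright rather than escaped.
    """
    table = params.get("table", "")
    order_by = params.get("order_by", "id")
    direction = str(params.get("dir", "ASC")).upper()

    if table not in ALLOWED_TABLES:
        raise ValueError("table not allowed: %r" % table)
    if order_by not in ALLOWED_COLUMNS:
        raise ValueError("order_by column not allowed: %r" % order_by)
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("sort direction not allowed: %r" % direction)

    # int() both validates the value and guarantees a numeric comparison.
    parent_id = int(params.get("parent_id", 0))

    # Only allow-listed identifiers reach the query text; the value is bound.
    sql = ('SELECT id, label FROM "%s" WHERE parent_id = ? ORDER BY "%s" %s'
           % (table, order_by, direction))
    return sql, (parent_id,)


def fetch_children(conn, params):
    """Run the validated query and return the child labels in order."""
    sql, args = build_query(params)
    return [row[1] for row in conn.execute(sql, args)]


def demo_conn():
    """Constructed in-memory database with a tiny tree for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tree_nodes ("
        "id INTEGER PRIMARY KEY, parent_id INTEGER, label TEXT, sort_order INTEGER)"
    )
    conn.executemany(
        "INSERT INTO tree_nodes VALUES (?, ?, ?, ?)",
        [(1, 0, "root", 1), (2, 1, "docs", 2), (3, 1, "src", 1)],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    conn = demo_conn()
    ok = {"table": "tree_nodes", "parent_id": "1", "order_by": "sort_order", "dir": "asc"}
    print(fetch_children(conn, ok))
    try:
        build_query({"table": "tree_nodes", "parent_id": "1", "order_by": "label; --"})
    except ValueError as exc:
        print("rejected:", exc)
```

The design point is that the allow-list check is a membership test against a closed set, not an attempt to strip or escape characters: a request naming a column that is not in `ALLOWED_COLUMNS` fails before any SQL is assembled, and the one free-form value (`parent_id`) never touches the query text at all.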