GHengeveld:

Basic security for your plugin is provided by following these rules:

- Use the SED_CODE check as the first line of your plugin code
- ALWAYS use the sed_import() function for importing http request parameters (don't forget to use the right datatype and use the optional maxlength if applicable)
- Use sed_sql_prep() function in SQL statements, or cast using (int) for integer values (usually IDs)
- Try to use Cotonti's core functions (see functions.php and database.mysql.php) instead of your own as much as possible, this includes using functions that replace default php functions such as sed_sql_query (mysql_query())
- Don't trust ANY data given by a user, always expect data to be unsafe
- Don't do anything stupid

A tutorial might be a good thing to have though.

This post was edited by Koradhil (on 14 May 2009, 20:01, 16 years ago)
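The rules above applied in one plugin fragment, as an added example that is neither GHengeveld's code nor Cotonti's own. It assumes the Cotonti 0.6.x API (`sed_import($name, $source, $filter, $maxlen)`, `sed_sql_prep()`, `sed_sql_query()`, `sed_sql_fetchassoc()`), the core `$db_pages` table variable, and that `sed_import()` returns FALSE or NULL when a parameter is missing or fails its filter.

```php
<?php
/* Added example (not GHengeveld's or Cotonti's own code): a plugin fragment
 * that applies each rule from the post. Assumed Cotonti 0.6.x API:
 * sed_import($name, $source, $filter, $maxlen), sed_sql_prep(),
 * sed_sql_query(), sed_sql_fetchassoc(); assumed core table variable $db_pages.
 */

// Rule 1: nothing below runs unless this file was included by Cotonti's core,
// so requesting the plugin file directly over HTTP does nothing.
defined('SED_CODE') or die('Wrong URL.');

// Rule 2: every request parameter enters through sed_import() with the right
// filter. 'G' reads $_GET; 'INT' yields an integer (or FALSE/NULL), 'TXT' is
// plain text limited to $maxlen characters, 'ALP' allows only letters/digits.
$id    = sed_import('id', 'G', 'INT');
$query = sed_import('q', 'G', 'TXT', 100);   // maxlength: at most 100 characters
$cat   = sed_import('cat', 'G', 'ALP', 32);

// Rule 3a: integer IDs are additionally cast, so whatever sed_import()
// returned, only a number can ever be interpolated into the statement.
$id = (int) $id;
$results = array();
if ($id > 0)
{
	$sql = sed_sql_query("SELECT page_title FROM $db_pages WHERE page_id=$id LIMIT 1");
	$row = sed_sql_fetchassoc($sql);
	if ($row) $results[] = $row;
}

// Rule 3b: string values go through sed_sql_prep() before being quoted into
// SQL. LIKE wildcards are escaped separately, because sed_sql_prep() only
// neutralises quote/escape characters, not % and _.
$safe_q   = sed_sql_prep(str_replace(array('%', '_'), array('\\%', '\\_'), (string) $query));
$safe_cat = sed_sql_prep((string) $cat);

// Rule 4: the core wrappers (sed_sql_query, sed_sql_fetchassoc) replace raw
// mysql_query()/mysql_fetch_assoc() calls.
$sql = sed_sql_query("SELECT page_id, page_title FROM $db_pages
	WHERE page_title LIKE '%$safe_q%' AND page_cat='$safe_cat' LIMIT 20");
while ($row = sed_sql_fetchassoc($sql))
{
	$results[] = $row;
}

// Rule 5: user data stays untrusted on the way out too; escape at the point
// of output regardless of what the import filter already did.
echo '<p>Results for: ' . htmlspecialchars((string) $query, ENT_QUOTES, 'UTF-8') . '</p>';
```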