Hey there, guys! I am currently using SQLite in a personal project and am using this class: https://github.com/TimOliver/PHP-Framework-Classes/blob/master/db.sqlite.class.php
When I use its query function, I am vulnerable to SQL injection, for example in this case:
$login = $database->get_row('SELECT * from usuarios where login="'.$login.'" and senha="'.$senha.'"', $resultado);
When quotes are used, they break my query and it ends up being exposed to SQL injection. I tried a few things but did not succeed in preventing it. Could anyone help me?
Have you already taken a look at the prepare method of that class? – Jefferson Quesado
I have; some functions use it. When I use get_row, it does not pass the query through that. I tried to make it go through there, but I didn't have much success :/ – Funny Dog
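Added example, not part of the original thread and not the linked class's own code: the lookup from the question written with bound parameters using PHP's built-in PDO SQLite driver, so that quotes in the login or senha values are handled as data instead of breaking the query. The in-memory database, the sample rows and the find_user helper are assumptions made for illustration.

```php
<?php
// Added example: PDO with an in-memory SQLite database (not the linked class).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table, using the table and column names from the question.
$db->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, login TEXT, senha TEXT)');

// Constructed sample rows; the second login deliberately contains double quotes.
$insert = $db->prepare('INSERT INTO usuarios (login, senha) VALUES (:login, :senha)');
$insert->execute([':login' => 'maria', ':senha' => 'sample-value-1']);
$insert->execute([':login' => 'ana "aninha" silva', ':senha' => 'sample-value-2']);

/**
 * Hypothetical helper: look up a user with bound parameters.
 * The SQL text is a fixed string; user input is only ever sent as values,
 * so it cannot change the structure of the statement.
 */
function find_user(PDO $db, string $login, string $senha): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM usuarios WHERE login = :login AND senha = :senha'
    );
    $stmt->execute([':login' => $login, ':senha' => $senha]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Matching credentials return the row.
var_dump(find_user($db, 'maria', 'sample-value-1'));

// A value containing double quotes is compared literally: it matches its own
// row and raises no syntax error, unlike the concatenated query.
var_dump(find_user($db, 'ana "aninha" silva', 'sample-value-2'));

// A wrong senha returns null; the quotes in the login change nothing.
var_dump(find_user($db, 'ana "aninha" silva', 'wrong-value'));
```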