This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
| Summary: | Detect SQL injection risks in PHP code | ||
|---|---|---|---|
| Product: | db | Reporter: | Roman Mostyka <romanmostyka> |
| Component: | Code | Assignee: | Libor Fischmeistr <lfischmeistr> |
| Status: | RESOLVED INVALID | ||
| Severity: | blocker | ||
| Priority: | P3 | ||
| Version: | 6.x | ||
| Hardware: | All | ||
| OS: | All | ||
| Issue Type: | ENHANCEMENT | Exception Reporter: | |
|
Description
Roman Mostyka
2008-12-12 15:07:19 UTC
Reassigned to new owner. This is not in the functional horizon of database support. While prevent SQL injections is just a matter of using the right tools: - prepared statements - manually quoted data - use only save values Detecting an sql injection is basicly hopeless without holding all the code - how should a scanner know, that my values are save by definition (for example just queried), that I escaped outside the analysed context, while this very complex, there is little gain. A developer missing the above tools will shoot himself no matter what. |