| Summary: | Detect SQL injection risks in PHP code | | |
|---|---|---|---|
| Product: | db | Reporter: | Roman Mostyka <romanmostyka> |
| Component: | Code | Assignee: | Libor Fischmeistr <lfischmeistr> |
| Status: | RESOLVED INVALID | | |
| Severity: | blocker | | |
| Priority: | P3 | | |
| Version: | 6.x | | |
| Hardware: | All | | |
| OS: | All | | |
| Issue Type: | ENHANCEMENT | Exception Reporter: | |
Description
Roman Mostyka
2008-12-12 15:07:19 UTC
Reassigned to new owner.

This is not in the functional horizon of database support. While preventing SQL injections is just a matter of using the right tools:

- prepared statements
- manually quoted data
- use only safe values

Detecting an SQL injection is basically hopeless without holding all the code - how should a scanner know that my values are safe by definition (for example just queried), that I escaped outside the analysed context? While this is very complex, there is little gain. A developer missing the above tools will shoot himself no matter what.
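The comment's argument about limited analysis context, as an added example that is not part of the original bug report: a scanner that sees only one statement can flag request data concatenated into a query, but for a value escaped or queried elsewhere it can only answer "unknown". The PHP fragments, the `classify` and `scan` functions and the three verdict names are constructed for illustration.

```python
import re

# Constructed PHP fragments: each is all a per-line scanner gets to see.
SAMPLES = {
    "concat_request": '$r = mysqli_query($db, "SELECT * FROM users WHERE id = " . $_GET["id"]);',
    "prepared": '$st = $pdo->prepare("SELECT * FROM users WHERE id = ?"); $st->execute([$_GET["id"]]);',
    # $name was escaped in another file; the scanner cannot see that.
    "escaped_elsewhere": '$r = mysqli_query($db, "SELECT * FROM users WHERE name = \'" . $name . "\'");',
    # $row came from an earlier query on a trusted table.
    "just_queried": '$r = mysqli_query($db, "SELECT * FROM orders WHERE user_id = " . $row["id"]);',
}

# Calls that send a finished SQL string to the server (prepare/execute excluded).
QUERY_CALL = re.compile(r'(?:mysqli_query|mysql_query|->query)\s*\((?P<args>.*)\)\s*;')
VARIABLE = re.compile(r'\$[A-Za-z_]\w*')
SUPERGLOBAL = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')


def classify(php_line):
    """Return 'ok', 'tainted' or 'unknown' from what this one line shows."""
    match = QUERY_CALL.search(php_line)
    if not match:
        return "ok"  # no direct query call, e.g. a prepared statement
    args = match.group("args")
    # Skip a leading connection handle such as $db: start at the SQL literal.
    sql_expr = args[args.index('"'):] if '"' in args else args
    if SUPERGLOBAL.search(sql_expr):
        return "tainted"  # request data reaches the query text directly
    if VARIABLE.search(sql_expr):
        # A variable is spliced into the SQL, but where it came from and
        # whether it was escaped lies outside the analysed context.
        return "unknown"
    return "ok"


def scan(samples):
    """Classify every fragment and return {name: verdict}."""
    return {name: classify(code) for name, code in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

Reporting every "unknown" produces false positives for the escaped and just-queried cases, and ignoring them misses real injections; resolving either way requires following the value through the rest of the code base.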