cbluesprl / moodle-mod_hva

Designed and developed in partnership between Cblue and Hyperfiction, this plug-in allows you to connect any thick client application running on any type of device (PC, smartphone, virtual reality headset, etc.) to the Moodle platform via Web Services.

please use placeholders in sql queries #11

Open danmarsden opened 2 years ago

danmarsden commented 2 years ago

https://github.com/cbluesprl/moodle-mod_hva/blob/eca57c5b8ddc7a628e77aa72c368405887ef7dd8/classes/HVA.php#L105

Please do not inject variables into inline sql - use placeholders to prevent sql injection vulnerabilities and to follow moodle coding guidelines - more info see: https://moodledev.io/docs/apis/core/dml
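The following is an added illustration of the point raised in the comment above; it is not code from mod_hva or from either participant. It contrasts the string-concatenation pattern the issue objects to with the placeholder forms the Moodle DML API provides. The table name `{hva}`, its columns, and the parameter names are assumptions for the example, not taken from the plugin's source.

```php
<?php
// Added example: Moodle DML placeholders versus inline variable injection.
// Table {hva}, its columns and the request parameters below are hypothetical.
defined('MOODLE_INTERNAL') || die();

global $DB;

// Assumed inputs arriving from a web-service call (names are hypothetical).
// required_param() already coerces to int, but that is defence in depth,
// not a substitute for parameterised SQL.
$hvaid    = required_param('id', PARAM_INT);
$courseid = required_param('courseid', PARAM_INT);
$ids      = [3, 7, 12]; // constructed list of ids for the IN (...) case

// --- Pattern the issue asks to remove: value concatenated into the SQL text.
// Any value that is not strictly validated becomes part of the query string,
// which is the root cause of SQL injection and is flagged by Moodle's code
// checker.
// $sql     = "SELECT * FROM {hva} WHERE id = " . $hvaid;
// $records = $DB->get_records_sql($sql);

// --- Hardened form 1: named placeholders (:name), values passed as a
// separate array. The driver binds them; they are never parsed as SQL.
$sql = "SELECT h.id, h.course, h.name
          FROM {hva} h
         WHERE h.id = :hvaid
           AND h.course = :courseid";
$records = $DB->get_records_sql($sql, ['hvaid' => $hvaid, 'courseid' => $courseid]);

// --- Hardened form 2: positional (?) placeholders. Do not mix ? and :name
// in one statement; the DML layer rejects mixed styles.
$record = $DB->get_record_sql(
    "SELECT * FROM {hva} WHERE id = ?",
    [$hvaid],
    MUST_EXIST
);

// --- Hardened form 3: for simple equality lookups, let the DML helpers
// build the WHERE clause from an associative array; no SQL text at all.
$record = $DB->get_record('hva', ['id' => $hvaid, 'course' => $courseid], '*', MUST_EXIST);

// --- IN (...) lists: get_in_or_equal() generates the placeholder fragment
// and matching parameter array, so the list is never interpolated by hand.
list($insql, $inparams) = $DB->get_in_or_equal($ids, SQL_PARAMS_NAMED, 'hvaid');
$sql = "SELECT id, name FROM {hva} WHERE id $insql";
$records = $DB->get_records_sql($sql, $inparams);
```

A quick way to review a plugin for the pattern is to grep for SQL strings built with `.` or `"$var"` interpolation inside `get_records_sql`, `get_record_sql`, `execute`, `count_records_sql` and similar calls; each hit should be rewritten into one of the forms above, and the `$params` argument should be non-empty whenever the query depends on request data.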

Lhannecart commented 1 year ago

I have checked all the requests and added a placeholder for each of them in the plugin where necessary.