Closed (won't fix)
Project:
Security Review
Version:
7.x-1.0
Component:
Documentation
Priority:
Major
Category:
Support request
Assigned:
Reporter:
Created:
26 Apr 2012 at 04:57 UTC
Updated:
26 Apr 2012 at 13:10 UTC
Hi,
Is "query injection" possible in drupal?
If yes, how to prevent this?
if no. please give the reason or structure by this it is not possible
Comments
Comment #1
coltraneProper use of Drupal's database API will protect against SQL injection from user-supplied input. For more information please read http://drupal.org/writing-secure-code and http://drupal.org/node/310069 and http://drupalsecurityreport.org/