Hi,
Is "query injection" possible in drupal?
If yes, how to prevent this?
if no. please give the reason or structure by this it is not possible

Comments

coltrane’s picture

Status: Active » Closed (won't fix)

Proper use of Drupal's database API will protect against SQL injection from user-supplied input. For more information please read http://drupal.org/writing-secure-code and http://drupal.org/node/310069 and http://drupalsecurityreport.org/