[Mediawiki-l] escaping user input

Paul Jones shagreel at gmail.com
Thu Sep 15 22:39:51 UTC 2005


I am creating a custom special page to gather some information from the user. I 
have created a table to store the data in and am trying to use the Database 
object to access it. This all works fine, but I need to validate the user 
input. I would like to use mysql_real_escape_string to avoid SQL injection, 
but there does not seem to be any function in the Database object to escape 
a string. I suspect there is an easy way to do this since MediaWiki accepts 
a lot of user input. Anyone know what the best way to go about escaping user 
input is within the MediaWiki architecture?

Thank you,
Paul


