osCommerce

tep_db_prepare_input() vs tep_db_input()


Hade

In create_account.php, first the email string is sanitized:

$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);

Fine, it's made safe for the database.

But when it's used on the database, it's sanitized again using this second function:

$check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");

What's with that? Why is tep_db_input used to sanitize the string again? What did this function do that tep_db_prepare_input didn't?

Thanks

Read the forum rules...
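
An added example (not part of the original post, and not osCommerce's own source) of the two stages the question asks about. `demo_prepare_input` and `demo_db_input` are simplified stand-ins whose behaviour is an assumption about what the two tep_ functions do: the first normalises the submitted value, the second escapes it for a quoted SQL literal. The table name and the sample address are constructed.

```php
<?php
// Added example: simplified stand-ins, not osCommerce's own source.

// Stage 1 (assumed behaviour of tep_db_prepare_input): normalise the raw
// request value. No SQL escaping happens here.
function demo_prepare_input($value) {
    if (is_array($value)) {
        return array_map('demo_prepare_input', $value);
    }
    if (!is_string($value)) {
        return $value;
    }
    $value = stripslashes($value);                 // undo magic-quotes style slashes
    $value = preg_replace('/ +/', ' ', $value);    // collapse runs of spaces
    $value = preg_replace('/[<>]/', '_', $value);  // neutralise angle brackets
    return trim($value);
}

// Stage 2 (assumed behaviour of tep_db_input): escape the value for use
// inside a quoted SQL string literal. addslashes() is only a connection-free
// stand-in here; real code should use the database driver's escaping
// function or, better, bound parameters.
function demo_db_input($value) {
    return addslashes($value);
}

// Builds the lookup query with or without stage 2, so both can be compared.
function demo_build_query($email, $escape) {
    $literal = $escape ? demo_db_input($email) : $email;
    return "select count(*) as total from customers"
         . " where customers_email_address = '" . $literal . "'";
}

// Constructed sample input: padded with spaces and carrying an apostrophe
// that arrived already backslash-escaped, as magic quotes would deliver it.
$raw   = "  o\\'brien@example.com  ";
$clean = demo_prepare_input($raw);

echo "raw:          [" . $raw . "]\n";
echo "prepared:     [" . $clean . "]\n";
echo "stage 1 only: " . demo_build_query($clean, false) . "\n";
echo "stage 1 + 2:  " . demo_build_query($clean, true) . "\n";
```

The prepared value is the one the application keeps for display, e-mail and comparisons; the escaped form should exist only inside the SQL text, which is why the second call sits at the point where the query string is built.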


Archived

This topic is now archived and is closed to further replies.
