#27174 SQLiShield

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: n/a
PHP version: n/a
Admin Tools version: n/a

Latest post by nicholas on Tuesday, 21 February 2017 01:26 CST

Mateusz289
Hi

I have enabled SQLiShield to protect against SQL injection attacks. I am not sure if getting data with GetVar or just $_GET filters common SQL attacks. Should I implement/add filtering based on SQLiShield after GetVar/$_GET, or should I not worry about implementing/adding it (I mean, is the filtering done if just SQLiShield is enabled)?

Best regards

Mateusz Otrebski

Mateusz289
"I am not sure if getting data with GetVar or just $_GET allow to filter common SQL attacks." - Sorry for the double post, but what I mean exactly here is whether SQLiShield works if I just use GetVar/$_GET (maybe this question is strange, but I don't see in the code how this Shield can protect against SQL attacks, for example $_GET[$variable] and then just using $variable in a MySQL query; so if it works, it is not visible)? If not, in what case does it work?

nicholas
Akeeba Staff
Manager
You do not have to do anything. SQLiShield goes through data reachable by PHP's $_GET, $_POST and $_REQUEST superglobal arrays. It actually goes through each array separately to protect you against variable obscuring. This is done through Joomla's JInput API, which explains why you can't understand the code. You are looking for naive use of $_GET, $_POST and $_REQUEST, which would be completely wrong as it would only give access to Joomla pre-filtered data, not the raw user input values.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
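An added illustration of the "each array separately" point in the reply above; this is not Admin Tools or SQLiShield code, and the detection patterns and sample request are constructed for the example only. It shows why a filter that only inspects the merged $_REQUEST can miss a value that arrived through a different channel under the same parameter name.

```php
<?php
// Illustrative patterns only; SQLiShield's real rule set is not shown on this page.
const SUSPICIOUS_PATTERNS = [
    '/\bUNION\b\s+(ALL\s+)?SELECT\b/i',
    '/\bOR\b\s+[\'"]?\d+[\'"]?\s*=\s*[\'"]?\d+/i',
    '/;\s*DROP\s+TABLE\b/i',
];

function isSuspicious(string $value): bool
{
    foreach (SUSPICIOUS_PATTERNS as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return true;
        }
    }
    return false;
}

/**
 * Scan every source array on its own and report "SOURCE[key]" for each hit.
 * Scanning each array separately is what defeats variable obscuring.
 */
function scanSources(array $sources): array
{
    $hits = [];
    foreach ($sources as $name => $array) {
        foreach ($array as $key => $value) {
            if (is_string($value) && isSuspicious($value)) {
                $hits[] = sprintf('%s[%s]', $name, $key);
            }
        }
    }
    return $hits;
}

// Constructed request: the same parameter "id" is sent both in the query string and in the POST body.
$get  = ['id' => '1 UNION SELECT 1,2,3'];
$post = ['id' => '42'];

// With PHP's default ordering, POST values overwrite GET values of the same name in $_REQUEST,
// so the merged array only shows the harmless "42".
$request = array_merge($get, $post);

// Checking only the merged array finds nothing: the GET value is obscured.
var_dump(scanSources(['REQUEST' => $request]));

// Checking each superglobal separately surfaces GET[id].
var_dump(scanSources(['GET' => $get, 'POST' => $post, 'REQUEST' => $request]));
```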
