_coder_review_security_sql_var_warning

Versions
mediamosa-21
_coder_review_security_sql_var_warning()

Code

sites/all/modules/coder/coder_review/includes/coder_review_security.inc, line 96

<?php
/**
 * Builds the warning definition for the "variable inside an SQL string" check.
 *
 * The text tells the developer to pass values to db_query() through
 * placeholders instead of concatenating variables into the query, because a
 * variable that can carry user data makes the query injectable.
 *
 * @return
 *   An array with three keys:
 *   - '#warning': translated one-line warning, with a link to the db_query()
 *     API documentation.
 *   - '#link': URL of the Drupal secure-coding handbook page.
 *   - '#description': translated remediation hint, including a snippet for
 *     building a placeholder list for an array of values.
 */
function _coder_review_security_sql_var_warning() {
  // The '!' prefix makes t() insert the value without escaping, so it must
  // only ever receive trusted markup. Here it is themed output, not user data.
  $replacements = array(
    '!db_query' => theme('drupalapi', 'db_query'),
  );
  $warning_text = t('In SQL strings, Use !db_query() placeholders in place of variables.  This is a potential source of SQL injection attacks when the variable can come from user data.', $replacements);

  // No replacement array is passed, so %s and %d are shown literally as the
  // db_query() placeholder names. The snippet quotes each string placeholder
  // ('%s') so that every array element is bound as a quoted string.
  $fix_hint = t('Use %s and %d variable substitution.  When inserting an array of values use <code>$placeholders = implode(\',\', array_fill(0, count($args), "\'%s\'"));</code>');

  $definition = array();
  $definition['#warning'] = $warning_text;
  $definition['#link'] = 'http://drupal.org/writing-secure-code';
  $definition['#description'] = $fix_hint;

  return $definition;
}
?>