
protected function Connection::filterComment

protected Connection::filterComment($comment = '')

Sanitize a query comment string.

Ensure a query comment does not include strings such as "* /" that might terminate the comment early. This avoids SQL injection attacks via the query comment. In the example below the comment delimiters are written with a space ("* /") to avoid PHP parse errors inside this docblock.

For example, the comment:

db_update('example')
 ->condition('id', $id)
 ->fields(array('field2' => 10))
 ->comment('Exploit * / DROP TABLE node; --')
 ->execute();

Would result in the following SQL statement being generated:

"/ * Exploit * / DROP TABLE node. -- * / UPDATE example SET field2=..."

Unless the comment is sanitised first, the SQL server would drop the node table and ignore the rest of the SQL statement.

Parameters

string $comment: A query comment string.

Return value

string A sanitized version of the query comment string.

File

core/lib/Drupal/Core/Database/Connection.php, line 533

Class

Connection
Base Database API class.

Namespace

Drupal\Core\Database

Code

protected function filterComment($comment = '') {
  // Pad every asterisk with spaces so the two-character terminator "*/" can
  // never be formed, and change semicolons to periods to avoid triggering the
  // multi-statement check.
  return strtr($comment, ['*' => ' * ', ';' => '.']);
}
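As an added example (not code from this page or from Drupal core), the same strtr() mapping applied to the hostile comment from the docblock, with a check that the filtered comment can no longer close the block comment early. The prefixQuery() wrapper is an assumption modelled on how the connection wraps comments in "/* ... */" before the SQL; it is not Drupal's own code.

```php
<?php
// Stand-alone re-implementation of the mapping used by Connection::filterComment().
function filterComment(string $comment = ''): string {
  // Every '*' becomes ' * ', so the character after any '*' is a space and the
  // terminator "*/" cannot be formed; ';' becomes '.' so no statement separator
  // survives in the comment.
  return strtr($comment, ['*' => ' * ', ';' => '.']);
}

// Assumed wrapper: each filtered comment is placed in a block comment in front
// of the SQL, the way the connection prefixes a query with its comments.
function prefixQuery(array $comments, string $sql): string {
  $prefix = '';
  foreach ($comments as $comment) {
    $prefix .= '/* ' . filterComment($comment) . ' */ ';
  }
  return $prefix . $sql;
}

// Defender's check: true when the filtered comment contains neither the
// terminator "*/" nor a ';', so the only "*/" in the query is the one we wrote.
function commentPrefixIsSafe(string $comment): bool {
  $filtered = filterComment($comment);
  return strpos($filtered, '*/') === false && strpos($filtered, ';') === false;
}

// Constructed hostile input, modelled on the docblock's example.
$hostile = 'Exploit */ DROP TABLE node; --';

echo prefixQuery([$hostile], 'UPDATE example SET field2 = 10 WHERE id = 1'), PHP_EOL;
var_dump(commentPrefixIsSafe($hostile));
var_dump(commentPrefixIsSafe('plain comment, no delimiters'));
```

The printed query shows the "DROP TABLE" text still present but confined inside the single block comment, which is what the filter guarantees.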

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Database!Connection.php/function/Connection::filterComment/8.1.x