Drupal 8 Module Development by Daniel Sipos

SQL Injection

SQL injection remains a very common attack vector against applications that build queries by hand instead of going through their database driver's parameter binding. Luckily, the Drupal 8 database abstraction layer goes a long way toward protecting us from such vulnerabilities. All we have to do is use it correctly.

When it comes to Entity queries, there isn't much we can do wrong. However, when using the Database API directly as we did in Chapter 8, The Database API, we have to pay attention.

Most of the time, vulnerabilities come down to improper placeholder handling: a user-supplied value is concatenated into the SQL string instead of being passed to the driver as a placeholder. For example, we should never do things like this:

$database->query('SELECT column FROM {table} t WHERE t.name = ' . $variable);

This is regardless of what
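As an added example (not code from the book), here is the query from the text written against the Drupal 8 Database API the safe way, in three variants: a named placeholder with query(), the Select builder, and a runtime-chosen table name combined with an array placeholder. The table name `{table}`, the column `column` and the user-controlled `$variable` come from the page; the function names, the sample attacker string and the allow-list of table names are assumptions made for the illustration.

```php
<?php

use Drupal\Core\Database\Connection;

/**
 * Added example (not from the book). $database is the 'database' service
 * (\Drupal::database() or an injected Connection); the function name is assumed.
 */
function lookup_by_name(Connection $database, string $variable): array {
  // WRONG: string concatenation. A constructed value such as
  //   x' OR '1'='1
  // becomes part of the SQL text and changes what the query means.
  // $database->query('SELECT column FROM {table} t WHERE t.name = ' . $variable);

  // RIGHT: a named placeholder. The value travels separately from the SQL
  // text, so quotes inside $variable are data, never syntax.
  return $database->query(
    'SELECT t.column FROM {table} t WHERE t.name = :name',
    [':name' => $variable]
  )->fetchCol();
}

/**
 * The same query through the Select builder, which creates the
 * placeholders for you; this is the form to prefer in module code.
 */
function lookup_by_name_select(Connection $database, string $variable): array {
  return $database->select('table', 't')
    ->fields('t', ['column'])
    ->condition('t.name', $variable)
    ->execute()
    ->fetchCol();
}

/**
 * Placeholders only cover values. A table or column name chosen at runtime
 * cannot be a placeholder, so check it against an allow-list first and then
 * pass it through escapeTable() / escapeField(), which strip characters that
 * are not valid in an identifier. The allow-list here is an assumption.
 */
function lookup_in_table(Connection $database, string $table, array $names): array {
  $allowed = ['table', 'other_table'];
  if (!in_array($table, $allowed, TRUE)) {
    throw new \InvalidArgumentException('Unexpected table name.');
  }
  $table = $database->escapeTable($table);

  // An array placeholder (:names[]) is expanded by the Connection into one
  // placeholder per element, so a list of values stays parameterised too.
  return $database->query(
    'SELECT t.column FROM {' . $table . '} t WHERE t.name IN (:names[])',
    [':names[]' => array_values($names)]
  )->fetchCol();
}
```

The first two functions return the same rows for any input, including the constructed `x' OR '1'='1` string, because the driver binds `$variable` as a single string value. The third function shows the one place where placeholders cannot help: identifiers. There the defence is the allow-list; escapeTable() is a second line of defence, not a substitute for it.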