sanitize_sql_string is somewhat over-paranoid. Unless I am mistaken, it basically removes any occurrence of ; in SQL strings. Not exactly what you want in a publishing tool.
Maybe for a blogging tool, but for any app of finance, it is just being safe.
Even for a finance app, really. I’ve worked with firms in the finance sector in the past. In practice, they’re hardly less insecure than any other firm. And you basically cannot use a security measure such as this: it will likely break a market data, order routing and clearing application that relies on it.
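Added example, not part of any comment in this thread: a constructed stand-in for a semicolon-stripping sanitizer (hypothetical, not the real sanitize_sql_string) beside a bound-parameter insert, both run against in-memory SQLite. It shows that stripping `;` silently alters legitimate text yet still leaves string-built SQL fragile on an ordinary apostrophe, while the parameterized statement stores the body exactly as written.

```python
import sqlite3

# Constructed sample post bodies with ordinary punctuation (not from the thread).
BODY_WITH_SEMICOLON = "Step one; step two"
BODY_WITH_APOSTROPHE = "Use Ctrl+C; then read O'Reilly's guide, chapter 2"


def strip_semicolons(text: str) -> str:
    # Hypothetical stand-in for a sanitizer that drops every ';', the behaviour
    # the commenter attributes to sanitize_sql_string.
    return text.replace(";", "")


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn


def load(conn: sqlite3.Connection, post_id: int):
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0] if row else None


def insert_with_sanitizer(conn: sqlite3.Connection, body: str):
    """Sanitize-then-concatenate. Returns (stored_body, error_text).

    The sanitizer mutates the author's text, and because the result is spliced
    into SQL as text, a plain apostrophe still produces a broken statement.
    """
    sql = "INSERT INTO posts (body) VALUES ('" + strip_semicolons(body) + "')"
    try:
        cur = conn.execute(sql)
    except sqlite3.Error as exc:  # syntax error from the unescaped quote
        return None, str(exc)
    return load(conn, cur.lastrowid), None


def insert_parameterized(conn: sqlite3.Connection, body: str):
    """Bound parameter: the driver passes body as data, never as SQL text,
    so ';' and quotes are stored verbatim and nothing needs stripping."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    return load(conn, cur.lastrowid)


if __name__ == "__main__":
    db = new_db()
    print(insert_with_sanitizer(db, BODY_WITH_SEMICOLON))   # text silently altered
    print(insert_with_sanitizer(db, BODY_WITH_APOSTROPHE))  # statement fails
    print(insert_parameterized(db, BODY_WITH_APOSTROPHE))   # stored unchanged
```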