Script function

 Handle String value as Alinous-Script recursively. When you use this function, please take care of the security issue.

It is because this function can execute almost everything. Therefor before executing this, check if the SQL injection occurs.

evaluate($script)

Executes $script string as script. In the script, The variables at the main script calling this function is available.

About security

 The Alinous-Core uses variable as place holder and the value is automatically escaped when the value includes "'" character.

But if you write script SQL function which includes value, and the value is written directly in the script string, the SQL Injection occurs.

I strongly recommend you to avoid to implement code to execute this function with free string input. And use the variables as place holder as possible as you can.


Go to Top