Being a newbie I thought I understood what to do from a security standpoint but I still need some help.
I have a form that takes in a number of things about a camera's details, such as the camera name and a number of other options that are part of an HTML select. I process this in PHP:
```php
$db = &JFactory::getDBO();
if (isset($_POST['addcamera'])) {
    // process changes to camera options
    if ( !empty($_POST['camera_type']) && !empty($_POST['camera_status']) && !empty($_POST['camera_name']) && !empty($_POST['camera_quality']) && !empty($_POST['email_notice']) )
    {
        // read the posted values through JRequest::getVar with the 'STRING' filter
        $add_name = JRequest::getVar('camera_name', 'Default Camera', 'post', 'STRING');
        $add_quality = JRequest::getVar('camera_quality', '', 'post', 'STRING');
        $add_motion_detection = JRequest::getVar('camera_status', '', 'post', 'STRING');
        $add_email_notice = JRequest::getVar('email_notice', '', 'post', 'STRING');
        $camera_type = JRequest::getVar('camera_type', '', 'post', 'STRING');
        //and so on...
        // ($add_camera_hash, $add_sensitivity and $user are set in the part omitted above)
        //then I add to DB
        $query_insert_camera = "INSERT INTO #__cameras (camera_status, camera_name, camera_quality, email_notice, camera_type, camera_hash, camera_sensitivity, user_id) VALUES ('".$add_motion_detection."','".$add_name."','".$add_quality."','".$add_email_notice."','".$camera_type."','".$add_camera_hash."','".$add_sensitivity."','".$user->id."')";
        $db->setQuery($query_insert_camera);
        $db->query();
    }
}
```
I do use jQuery validation for my forms, and on the PHP side of things, since I'm using Joomla, I'm using getVar: http://docs.joomla.org/Retrieving_and_Filtering_GET_and_POST_requests_with_JRequest::getVar. I believe I'm covering myself from XSS and SQL attacks, but could someone confirm that this is the right approach?
Is there anything else I’m missing?
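For comparison, here is an added example (not the asker's code) of the same insert written so that the database, not the `STRING` filter, does the escaping: each value goes through `$db->quote()`, the user id is cast to an integer, and the values that come from an HTML select are checked against a server-side whitelist. It assumes the Joomla 1.5/2.5-era API the question uses (`JFactory::getDBO()`, `JRequest::getVar`, `$db->setQuery()`/`query()`, `JError::raiseWarning`); the allowed-value lists are hypothetical, and the columns whose source the question omits are left out.

```php
<?php
// Hardened version of the INSERT from the question (added example, not the asker's code).
// Assumes the Joomla 1.5/2.5 API: JFactory::getDBO(), JRequest::getVar(), $db->quote().
$db   = JFactory::getDBO();
$user = JFactory::getUser();

if (isset($_POST['addcamera'])) {
    // Values from an HTML <select> are still attacker-controlled: the browser
    // is not a trust boundary, so validate them against a server-side whitelist.
    $allowedTypes     = array('ip', 'usb', 'rtsp');     // hypothetical option values
    $allowedQualities = array('low', 'medium', 'high'); // hypothetical option values
    $allowedFlags     = array('0', '1');

    $add_name             = JRequest::getVar('camera_name', 'Default Camera', 'post', 'STRING');
    $camera_type          = JRequest::getVar('camera_type', '', 'post', 'STRING');
    $add_quality          = JRequest::getVar('camera_quality', '', 'post', 'STRING');
    $add_motion_detection = JRequest::getVar('camera_status', '', 'post', 'STRING');
    $add_email_notice     = JRequest::getVar('email_notice', '', 'post', 'STRING');

    if ($add_name === ''
        || !in_array($camera_type, $allowedTypes, true)
        || !in_array($add_quality, $allowedQualities, true)
        || !in_array($add_motion_detection, $allowedFlags, true)
        || !in_array($add_email_notice, $allowedFlags, true)) {
        JError::raiseWarning(100, 'Invalid camera details'); // hypothetical error handling
        return;
    }

    // The 'STRING' filter strips tags; it does not escape quotes for SQL.
    // $db->quote() escapes the value for the active driver and wraps it in quotes,
    // so a name like O'Brien cannot break out of the string literal.
    $query = 'INSERT INTO #__cameras'
        . ' (camera_status, camera_name, camera_quality, email_notice, camera_type, user_id)'
        . ' VALUES ('
        . $db->quote($add_motion_detection) . ', '
        . $db->quote($add_name) . ', '
        . $db->quote($add_quality) . ', '
        . $db->quote($add_email_notice) . ', '
        . $db->quote($camera_type) . ', '
        . (int) $user->id . ')';
    $db->setQuery($query);
    if (!$db->query()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }
}
```

Escaping at insert time only protects the query; when camera_name is later rendered in a page it still needs output encoding (for example `htmlspecialchars()`), which is the part that actually covers XSS.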
In my opinion, as long as you keep your Joomla core up to date, there are fewer risks.
These links might give you an idea not only about the XSS and SQL attacks in joomla for your extension:
You can use one of these plugins as well to reinforce your security against those attacks:
And here’s the code of getVar where you can see how protected your site is against SQL injection and XSS: