I'm creating a PHP package for querying WMI objects, and I'm wondering if there's a need to escape strings inserted into WMI queries?
If so, how do I parametrize and escape strings in the query since I can't use things like PDO as it required a PDO connection?
For an example query:
$value = 'PC';
$query = sprintf('SELECT * FROM Win32_LogicalDisk WHERE SystemName = "%s"', $value);
$connection->ExecQuery($query);
Aucun commentaire:
Enregistrer un commentaire