Need help with my module.

[Kerm]

I trying to place my module on addons, and got "Technical Validation Declined" message with this explanation:

You have security issues, please review all your SQL requests and cast all the variables in it (pSQL, int...) Eg: INET_ATON("'.(empty($ip)?'':$ip).'"), 

And i did not understand what I should do, all the variables in sql queries must be like that '.(empty($ip)?'':$ip).' ?

[rocky]

You need to sanitise the variables in your SQL queries. Cast each variable using (int) if it is an integer, (float) if it is a decimal number or use the pSQL function if it is a string. For example:

Db::getInstance()->ExecuteS('INSERT INTO `'._DB_PREFIX_.'cms_lang` (`id_cms`, `id_lang`, `id_shop`, `meta_title`, `meta_description`, `meta_keywords`, `content`, `link_rewrite`) VALUES ('.(int)$id_cms.', '.(int)$id_lang.', '.(int)$id_shop.', "'.pSQL($meta_title).'", "'.pSQL($meta_description).'", "'.pSQL($meta_keywords).'", "'.pSQL($content).'", "'.pSQL($link_rewrite).'")');

[Kerm]

Thx rocky I've just never seen such solutions in prestashop original code..

[Kerm]

Here is no error in your code?

'.pSQL($content).'

Dont need double quotes? "'.pSQL($content).'" ?

[rocky]

Oh, you're right. My mistake. I've updated my post.