Is sanitizing Bullhorn REST API JSON responses redundant?

Forum for users and developers of Bullhorn's API service.

Post by garywong » Sat Sep 07, 2019 1:29 am

Hi
I'm taking over a legacy PHP application that used mysql and did NOT use prepared SQL statements. I'm refactoring it to use mysqli and prepared SQL statements, so I'm wondering if I can get rid of the plethora of "mysqli_real_escape_string()" function calls that were used prior to storing the parsed JSON responses into the MySQL 5.x database.

I will sanitize the output prior to spitting it out to my HTML form, but I hope I can simply *delete* the dozens and dozens of lines that are no longer (in my mind) necessary... I mean, don't Bullhorn API PUTs and POSTs validate for funny characters anyway?

TIA
gary
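
The refactor described in the post, as an added example (not part of the original post and not Bullhorn's code): values from a decoded JSON response are bound through a mysqli prepared statement with no mysqli_real_escape_string() call, then HTML-escaped only on output. The connection details, the table and the JSON field names are assumptions, the sample response is constructed, and a reachable MySQL server is required.

```php
<?php
// Added example. Credentials, table and field names are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// Constructed sample response; the field names are hypothetical.
$json = <<<'JSON'
{"data":[{"id":101,"firstName":"Conan","lastName":"O'Brien"},
         {"id":102,"firstName":"<b>Ann</b>","lastName":"Lee\\"}]}
JSON;

function storeCandidates(mysqli $db, array $rows): int
{
    // Placeholders keep values out of the SQL text, so nothing is escaped
    // here; mysqli_real_escape_string() would store literal backslashes.
    $stmt = $db->prepare('INSERT INTO candidate (bh_id, first_name, last_name) VALUES (?, ?, ?)');
    $id = 0; $first = ''; $last = '';
    $stmt->bind_param('iss', $id, $first, $last); // bound by reference
    $stored = 0;
    foreach ($rows as $row) {
        // Shape checks are still needed: binding prevents SQL injection,
        // it does not make the data valid for the schema.
        if (!is_int($row['id'] ?? null)
            || !is_string($row['firstName'] ?? null)
            || !is_string($row['lastName'] ?? null)) {
            continue;
        }
        $id = $row['id']; $first = $row['firstName']; $last = $row['lastName'];
        $stmt->execute();
        $stored++;
    }
    return $stored;
}

function h(string $s): string
{
    // Escape at output time, for the HTML context the value lands in.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');
$db->query('CREATE TEMPORARY TABLE candidate (bh_id INT PRIMARY KEY,
            first_name VARCHAR(100), last_name VARCHAR(100))');
$rows = json_decode($json, true, 512, JSON_THROW_ON_ERROR)['data'];
storeCandidates($db, $rows);
$res = $db->query('SELECT first_name, last_name FROM candidate ORDER BY bh_id');
while ($r = $res->fetch_assoc()) {
    echo '<li>', h($r['first_name']), ' ', h($r['last_name']), "</li>\n";
}
```

The table holds `O'Brien` and `Lee\` exactly as decoded, and the `<b>` tags are turned into `&lt;b&gt;` only when the row is rendered.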
