The front end of BalfBlog is now using prepared statements for everything. This was crucial, since most of the front end relies on users sending GET requests to the blog, and the parameters in those requests end up in database queries. Since the update those queries are no longer open to SQL injection.
The dashboard had already featured prepared statements for sending information, but the front end was still lacking. I will point out, however, that as a result of this update you currently cannot combine queries. This means you cannot search for a user and a category at the same time, so this no longer works:
blog/?cat=General&poster=jamiebalfour04
This is coming back very soon, however. As a matter of fact it is in the latest version; it's simply not tested thoroughly enough for me to be sure it can be released.
The big security update for BalfBlog is done! Now all statements are protected against SQL injection and use PHP's prepared statements. I'm hoping this will make BalfBlog much more secure for all users.
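To show what the change from string-built queries to PHP prepared statements means in practice, and how the combined `?cat=...&poster=...` filter can be built on top of placeholders, here is an added example. It is not BalfBlog's own code: the `posts` table, its `title`, `category` and `poster` columns, the `unsafeFilterQuery`, `buildFilterQuery` and `fetchTitles` functions and the use of PDO with an in-memory SQLite database are all assumptions made so the example runs offline; BalfBlog's real schema and database driver are not shown on this page.

```php
<?php
// Added example, not BalfBlog's code. Assumes a hypothetical `posts` table
// (title, category, poster) and PDO with in-memory SQLite so it runs offline:
//   php prepared_filters.php
declare(strict_types=1);

// --- Vulnerable "before": query text concatenated from raw GET parameters ---
function unsafeFilterQuery(array $get): string
{
    $sql = "SELECT title FROM posts WHERE 1=1";
    if (isset($get['cat'])) {
        $sql .= " AND category = '" . $get['cat'] . "'";
    }
    if (isset($get['poster'])) {
        $sql .= " AND poster = '" . $get['poster'] . "'";
    }
    // ?cat=General' OR 1=1 -- yields:
    // SELECT title FROM posts WHERE 1=1 AND category = 'General' OR 1=1 --'
    return $sql;
}

// --- Hardened "after": a placeholder for every value, filters ANDed together ---
// Returns [sql, params]. Both filters can be combined, which is what
// blog/?cat=General&poster=jamiebalfour04 needs.
function buildFilterQuery(array $get): array
{
    // The request parameter -> column map is fixed in code and never taken from
    // the request: placeholders can bind values but not column names.
    $filters = ['cat' => 'category', 'poster' => 'poster'];
    $conditions = [];
    $params = [];
    foreach ($filters as $param => $column) {
        if (isset($get[$param]) && $get[$param] !== '') {
            $conditions[] = "$column = :$param";
            $params[":$param"] = (string) $get[$param];
        }
    }
    $sql = "SELECT title FROM posts";
    if ($conditions !== []) {
        $sql .= " WHERE " . implode(" AND ", $conditions);
    }
    return [$sql . " ORDER BY id", $params];
}

function fetchTitles(PDO $db, array $get): array
{
    [$sql, $params] = buildFilterQuery($get);
    $stmt = $db->prepare($sql);   // query structure is sent first...
    $stmt->execute($params);      // ...values are bound separately, never parsed as SQL
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, category TEXT, poster TEXT)");
$insert = $db->prepare("INSERT INTO posts (title, category, poster) VALUES (:t, :c, :p)");
foreach ([
    ['Hello world',   'General', 'jamiebalfour04'],
    ['Private draft', 'Drafts',  'jamiebalfour04'],
    ['Guest post',    'General', 'guest'],
] as [$t, $c, $p]) {
    $insert->execute([':t' => $t, ':c' => $c, ':p' => $p]);
}

// 1. Combined filter: category AND poster, as in ?cat=General&poster=jamiebalfour04
print_r(fetchTitles($db, ['cat' => 'General', 'poster' => 'jamiebalfour04']));

// 2. Hostile input through the prepared statement: bound as one literal string,
//    so it matches no category and returns nothing.
$hostile = "General' OR 1=1 --";
print_r(fetchTitles($db, ['cat' => $hostile]));

// 3. The same input through the string-built query: the comment swallows the
//    closing quote and OR 1=1 returns every post, drafts included.
print_r($db->query(unsafeFilterQuery(['cat' => $hostile]))->fetchAll(PDO::FETCH_COLUMN));
```

Two points worth noting. Placeholders only protect values: the column names that the `cat` and `poster` parameters map onto are hard-coded, because a name that comes from the request could not be bound and would reopen the same hole. And if the production driver is MySQL rather than SQLite, it is worth setting `PDO::ATTR_EMULATE_PREPARES` to `false` so the server performs the prepare itself instead of PDO escaping values client-side.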
If you are interested in downloading a pre-release version, let me know by email.