Devel #29
escape all input strings
| Status: | Closed | Start: | 07/09/2008 | |
| Priority: | High | Due date: | ||
| Assigned to: | Andreas Unterkircher | % Done: | 100% |
|
| Category: | internals | Spent time: | 1.50 hours | |
| Target version: | 1.1 | |||
Description
all strings needs to be escaped before the can be placed into the database. special characters like ' will otherwise produce SQL errors...
Associated revisions
Revision b1fa0a38fa9c0a64c9bd262677988f04851f8aed
use prepare() and execute() for data manipulating queries which then will auto-quote, refs #29
Signed-off-by: Andreas Unterkircher <unki@netshadow.at>
History
Updated by Andreas Unterkircher 1412 days ago
- Status changed from Unreviewed to Feedback
- % Done changed from 0 to 80
Updated by Andreas Unterkircher 1412 days ago
- Status changed from Feedback to Closed
- % Done changed from 80 to 100
seems to be ok