http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10276

Galen Charlton <gmcha...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gmcha...@gmail.com

--- Comment #34 from Galen Charlton <gmcha...@gmail.com> ---
(In reply to Chris Cormack from comment #33)
> So we don't need to bother doing the escaping ourselves, e.g., what if branchcode
> had a character that would bust the query,
> GetIndependentGroupModificationRights is doing no escaping/sanitation, i.e., it
> is handing back what is in the db, with , '.

And $dbh->quote() is not the answer, either.

I am taking a hard line on this: I will never knowingly push patches that add
violations of SQL10 (and certainly not a bunch of them in one fell swoop).  I
see no upside for the short- and long-term health of the codebase to do so.

(In reply to Kyle M Hall from comment #27)
> Using placeholders would end up complicating every single query in an
> extreme manner.

No, it wouldn't.  There is an example of how to handle it in code you've
written yourself, i.e., ModCourseInstructors().

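As an added example (not code from the bug's patches or from Koha itself), the pattern being argued for above: a branchcode list that comes back from the database is bound through a dynamically sized placeholder list rather than interpolated with quoting. The `items` table, its columns, the constructed `O'HARE` branchcode and the in-memory DBD::SQLite database are all assumptions standing in for the real Koha schema.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory database standing in for Koha's tables (assumption).
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE items (itemnumber INTEGER, homebranch TEXT)');
$dbh->do(q{INSERT INTO items VALUES (1, 'CPL'), (2, 'MPL'), (3, 'O''HARE'), (4, 'FFL')});

# Stand-in for GetIndependentGroupModificationRights(): values come back from
# the database verbatim, so they may carry commas or quotes. The branchcode
# O'HARE is constructed here to show that.
sub group_branchcodes { return ( 'CPL', 'MPL', "O'HARE" ) }

# Unsafe: interpolating the codes makes the SQL text depend on the data.
# A quote inside a branchcode breaks the statement (or, worse, changes it).
sub count_items_interpolated {
    my ( $dbh, @codes ) = @_;
    my $list = join ', ', map { "'$_'" } @codes;
    return $dbh->selectrow_array("SELECT COUNT(*) FROM items WHERE homebranch IN ($list)");
}

# Safe (the SQL10 rule): one '?' per value, bound by DBI at execute time.
# The statement text never contains data, whatever characters the codes hold.
sub count_items_bound {
    my ( $dbh, @codes ) = @_;
    return 0 unless @codes;    # "IN ()" is a syntax error, so short-circuit
    my $placeholders = join ', ', ('?') x @codes;
    my $sth = $dbh->prepare("SELECT COUNT(*) FROM items WHERE homebranch IN ($placeholders)");
    $sth->execute(@codes);
    my ($count) = $sth->fetchrow_array;
    return $count;
}

my @codes = group_branchcodes();
print "bound:        ", count_items_bound( $dbh, @codes ), "\n";
my $n = eval { count_items_interpolated( $dbh, @codes ) };
print "interpolated: ", ( defined $n ? $n : "query failed: $@" ), "\n";
```

The bound version returns the count for all three branches; the interpolated version dies on the apostrophe in `O'HARE`, which is exactly the failure mode described in the quoted comment.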
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/