http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10276

Galen Charlton <gmcha...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gmcha...@gmail.com

--- Comment #34 from Galen Charlton <gmcha...@gmail.com> ---
(In reply to Chris Cormack from comment #33)
> So we don't need to bother doing the escaping ourself, eg, what if branchcode
> had a character that would bust the query,
> GetIndependentGroupModificationRights is doing no escaping/sanitation, ie it
> is handing back what is in the db, with , '.

And $dbh->quote() is not the answer, either.

I am taking a hard line on this: I will never knowingly push patches that add
violations of SQL10 (and certainly not a bunch of them in one fell swoop). I
see no upside for the short- and long-term health of the codebase to do so.

(In reply to Kyle M Hall from comment #27)
> Using placeholders would end up complicating every single query in an
> extreme manner.

No, it wouldn't. There is an example of how to handle it in code you've
written yourself, i.e., ModCourseInstructors().
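
The placeholder approach argued for in the comment above, applied to a variable-length list of branchcodes. This is an added example, not Koha code and not the body of ModCourseInstructors(). It assumes DBD::SQLite is installed; the table demo_items, the sample branchcodes and the helper items_in_branches are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in for
# the real one. Table, column and branchcode values are constructed samples.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE demo_items (itemnumber INTEGER, homebranch TEXT)');

my $ins = $dbh->prepare('INSERT INTO demo_items VALUES (?, ?)');
$ins->execute(@$_)
    for ( [ 1, 'CPL' ], [ 2, q{O'B} ], [ 3, 'MPL' ], [ 4, q{X','Y} ] );

# Hypothetical helper: item numbers whose homebranch is one of @branchcodes.
# One "?" is generated per value, so the SQL text never contains the data
# and no escaping or $dbh->quote() call is needed.
sub items_in_branches {
    my ( $dbh, @branchcodes ) = @_;

    # "IN ()" is a syntax error, and an empty list can match nothing anyway.
    return [] unless @branchcodes;

    my $placeholders = join( ', ', ('?') x @branchcodes );
    my $sql = "SELECT itemnumber FROM demo_items "
            . "WHERE homebranch IN ($placeholders) ORDER BY itemnumber";

    # The values travel as bind parameters, in the same order as the "?"s.
    return $dbh->selectcol_arrayref( $sql, undef, @branchcodes );
}

# Branchcodes exactly as they might be stored, including a quote and a comma.
my @codes = ( 'CPL', q{O'B}, q{X','Y} );
my $found = items_in_branches( $dbh, @codes );
print "matched items: @$found\n";

# The empty-list case returns no rows instead of producing broken SQL.
my $none = items_in_branches($dbh);
print "empty list matched: ", scalar(@$none), "\n";

$dbh->disconnect;
```

Only the count of values shapes the SQL string, so a branchcode containing `'` or `,` is compared as data and cannot change the query.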