Opened 10 years ago
Closed 10 years ago
#290 closed defect (fixed)
Add bound parameter support to repository SQLite DB class
| Reported by: | dstillman | Owned by: | dstillman |
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | repository | Version: | |
| Keywords: | | Cc: | |
Description
The repository currently has no SQL injection protection. Needless to say, this is a very bad thing.
Add bound parameter support to the DB class and use it, since addslashes() is useless with SQL92.
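The point the ticket makes, shown in an added example that is not code from the ticket or from the repository's repo.php: in SQL92 (and SQLite) a quote inside a string literal is escaped by doubling it, and a backslash is an ordinary character, so an addslashes()-style escape leaves the quote live and injection still works, while binding the value as a parameter keeps it out of the SQL text entirely. The example is written in Python against sqlite3 rather than PHP so it runs stand-alone; the addslashes() emulation, the `users` table, the sample rows and the small `DB` wrapper are all constructed for the demonstration and are assumptions, not the project's schema or API.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not the repository's schema).
SAMPLE_ROWS = [("alice", "token-a"), ("bob", "token-b")]


def addslashes(s: str) -> str:
    """Emulate PHP's addslashes(): backslash-escape single quote, double quote
    and backslash. (PHP also turns NUL into \\0; omitted here, it does not
    change the outcome.)"""
    return re.sub(r"(['\"\\])", r"\\\1", s)


def make_conn() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    """'Before': the value is spliced into the SQL text, guarded only by
    addslashes(). SQLite follows SQL92: backslash is not an escape inside a
    string literal, so the \\' produced for an input quote ends the literal
    and whatever follows is parsed as SQL."""
    sql = f"SELECT name FROM users WHERE name = '{addslashes(name)}'"
    return [row[0] for row in conn.execute(sql)]


class DB:
    """Hypothetical DB wrapper whose only query method takes bound parameters.
    The SQL text never contains user data; sqlite3 passes the values to the
    engine separately, so no escaping is needed or possible to get wrong."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn

    def query(self, sql: str, params=()) -> list:
        return self.conn.execute(sql, tuple(params)).fetchall()


def lookup_bound(db: DB, name: str) -> list:
    """'After': same lookup using a ? placeholder and a bound value."""
    rows = db.query("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_conn()
    db = DB(conn)
    payload = "' OR 1=1 --"
    # addslashes() yields  \' OR 1=1 --  and the query becomes
    #   ... WHERE name = '\' OR 1=1 --'
    # which SQLite reads as  name = '\'  OR 1=1  (comment), returning every row.
    print("escaped :", lookup_escaped(conn, payload))
    # The bound query compares name against the literal string "' OR 1=1 --".
    print("bound   :", lookup_bound(db, payload))
```

Run it and the escaped lookup returns both users for the injected value while the bound lookup returns none; a plain name such as `alice` is found by both. Note that addslashes() also breaks legitimate input: a name containing a quote, e.g. `O'Reilly`, produces `'O\'Reilly'`, which SQLite rejects as malformed SQL, whereas the bound version simply matches or does not.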
Change History (1)
comment:1 Changed 10 years ago by dstillman
- Resolution set to fixed
- Status changed from new to closed
(In [666]) Fixes #290, Add bound parameter support to repository SQLite DB class
And updated repo.php to use bound params for all queries