[TYPO3-dev] Improvement against SQL injections (extension created)

Ingo Renner typo3 at ingo-renner.com
Sun Jun 17 15:40:04 CEST 2007


ries van Twisk wrote:

Hi Ries,

> So right after the DB connection is created the SQL injection 
> detection system is executed.
> Currently it will try to find typical SQL injections 
> (inserts/updates/deletes)

How about SELECTs? Rupi once showed how to get BE access without needing 
an insert or update IIRR...

So basically there shouldn't be any SQL in GET/POST.


Ingo



