[TYPO3-dev] Improvement against SQL injections
ries van Twisk
typo3 at rvt.dds.nl
Mon Jun 18 14:28:36 CEST 2007
On Jun 18, 2007, at 3:26 AM, Dmitry Dulepov wrote:
>
> Well, I think even that was a bit of overestimation :) Why? Because
> "mysql" extension does not allow several queries in one call. Newer
> "mysqli" allows it but typo3 does not use "mysqli". So, even if you pass
> "id=0;delete from be_users", it will not work. Anyway, non-checked
> parameters are bad, so good that they were fixed.
>>
Don't forget that not the whole world runs MySQL and that there are
some Oracle, PostgreSQL and MS-SQL installations.
Ries
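
The point of this exchange, as an added example that is not part of the original messages or of TYPO3's code: whether the quoted value runs a second statement depends on the database API, while validating and binding the parameter holds on any backend. It assumes Python's built-in sqlite3 module as a stand-in (its `execute` takes one statement per call, `executescript` takes several); the table rows and function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "0;delete from be_users"  # the value quoted in the thread

def fresh_db():
    """Constructed in-memory database; the rows are made up for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE pages (uid INTEGER PRIMARY KEY, title TEXT);"
        "CREATE TABLE be_users (uid INTEGER PRIMARY KEY, username TEXT);"
        "INSERT INTO pages VALUES (1, 'Home');"
        "INSERT INTO be_users VALUES (1, 'admin');"
    )
    return db

def count_users(db):
    return db.execute("SELECT COUNT(*) FROM be_users").fetchone()[0]

def concat_single_statement(db, page_id):
    """Unchecked concatenation through a one-statement-per-call API."""
    try:
        db.execute("SELECT title FROM pages WHERE uid = " + page_id).fetchall()
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "rejected"  # the driver refused the trailing second statement

def concat_multi_statement(db, page_id):
    """The same concatenation through an API that accepts several statements."""
    db.executescript("SELECT title FROM pages WHERE uid = " + page_id)
    return "executed"

def bound_lookup(db, page_id):
    """Validate the id as an integer, then bind it; independent of the backend."""
    if not (page_id.isascii() and page_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return db.execute(
        "SELECT title FROM pages WHERE uid = ?", (int(page_id),)
    ).fetchall()

if __name__ == "__main__":
    db = fresh_db()
    print("single-statement API:", concat_single_statement(db, PAYLOAD), count_users(db))
    db = fresh_db()
    print("multi-statement API:", concat_multi_statement(db, PAYLOAD), count_users(db))
    db = fresh_db()
    print("bound lookup for id 1:", bound_lookup(db, "1"))
```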