[TYPO3-dev] CONTENT object and SQL injection prevention
Jigal van Hemert (jigal at xs4all.nl)
Mon Mar 29 11:59:37 CEST 2010

Martin Holtz wrote:
> but it would not be possible to create a dynamic query then?
> 
> where = title > :whatever
> where.append = CASE
True. You could do something with conditions (although that would have 
other disadvantages).
Then again, PDO::prepare() does not allow dynamic queries either :-)
But you truly caught one disadvantage; good catch!
-- 
Jigal van Hemert.
    
    