[TYPO3-english] SQL Injection & Cross-site scripting

Jigal van Hemert jigal at xs4all.nl
Wed Nov 16 15:30:05 CET 2011


Hi,

On 16-11-2011 15:22, Peter Kühnlein wrote:
> Since there are numerous ways to perform an sql-injection, you have to
> protect your installation multiply. One thing might be the following
> http://www.t3node.com/blog/prevent-sql-injection-in-typoscript-when-using-strings-from-get-parameters/

Since TYPO3 4.4 you can use markers in a CONTENT TypoScript object [1] 
to prevent SQL injections.

[1] 
http://buzz.typo3.org/article/safety-and-flexibility-in-typoscript-queries/

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert.


More information about the TYPO3-english mailing list