[TYPO3-dev] CONTENT object and SQL injection prevention
Jigal van Hemert
jigal at xs4all.nl
Mon Mar 29 11:59:37 CEST 2010
Martin Holtz wrote:
> but it would not be possible to create a dynamic query then?
>
> where = title > :whatever
> where.append = CASE
True. You could do something with conditions (although that would have
other disadvantages).
Then again, the PDO::prepare() does not allow dynamic queries either :-)
But you truly caught one disadvantage; good catch!
--
Jigal van Hemert.
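
Added example, not part of the original thread and not TYPO3 code: a PHP/PDO sketch of the limitation discussed above, where a placeholder such as :whatever can carry only a value, so a "dynamic" part of the WHERE clause has to be selected from a fixed allow-list before prepare(). The pages table, its rows and the findByTitle() helper are hypothetical and constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (uid INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO pages (title) VALUES ('alpha'), ('beta'), ('gamma')");

// Hypothetical helper: the structural part of the query (the comparison
// operator) is picked from an allow-list by key; caller input is never
// concatenated into the SQL text. Only the value travels as a placeholder.
function findByTitle(PDO $pdo, string $operator, string $value): array
{
    $allowed = ['gt' => '>', 'lt' => '<', 'eq' => '='];
    if (!isset($allowed[$operator])) {
        throw new InvalidArgumentException('unsupported operator');
    }
    $sql = 'SELECT title FROM pages WHERE title ' . $allowed[$operator]
         . ' :whatever ORDER BY title';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':whatever' => $value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal lookup: the operator is chosen by key, the value is bound.
print_r(findByTitle($pdo, 'gt', 'alpha'));

// SQL keywords inside the bound value stay data: the whole string is
// compared against title and never becomes part of the statement.
print_r(findByTitle($pdo, 'gt', 'a CASE WHEN 1 THEN 1 END'));

// Anything that is not an allow-listed key is rejected before prepare().
try {
    findByTitle($pdo, '> 0 OR title', 'alpha');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```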