[TYPO3-english] SQL Injection & Cross-site scripting
Jigal van Hemert
jigal at xs4all.nl
Wed Nov 16 15:30:05 CET 2011
Hi,
On 16-11-2011 15:22, Peter Kühnlein wrote:
> Since there are numerous ways to perform an sql-injection, you have to
> protect your installation multiply. One thing might be the following
> http://www.t3node.com/blog/prevent-sql-injection-in-typoscript-when-using-strings-from-get-parameters/
Since TYPO3 4.4 you can use markers in a CONTENT TypoScript object [1]
to prevent SQL injections.
[1]
http://buzz.typo3.org/article/safety-and-flexibility-in-typoscript-queries/
--
Kind regards / met vriendelijke groet,
Jigal van Hemert.
More information about the TYPO3-english
mailing list