[TYPO3-mvc] Transition Guide for Persistance Rewrite
Bastian Waidelich
bastian at typo3.org
Tue Aug 4 11:00:18 CEST 2009
Jochen Rau wrote:
Hi Jochen,
> BTW The GET/POST parameter are already escaped in index_ts.php.
in index_ts.php GET/POST parameters are escaped if get_magic_quotes_gpc
is not enabled by calling t3lib_div::addSlashesOnArray(); (which itself
calls PHPs native addslashes() for each item of the array).
But I think, that's not enough for all cases. See
http://www.php.net/manual/en/function.addslashes.php ("It's highly
recommeneded to use DBMS specific escape function[...]")
Bastian
More information about the TYPO3-project-typo3v4mvc
mailing list