[TYPO3-mvc] Find object properties, only using TypoScript
Jigal van Hemert
jigal.van.hemert at typo3.org
Sat Oct 27 21:53:38 CEST 2012
Hi,
On 27-10-2012 18:16, Albrecht Köhnlein wrote:
> uidInList.data = GP:article
Please use markers [1] to insert external data into query parts. Now
you're only introducing potential SQL injection problems. Each marker
value is properly escaped and quoted to prevent SQL injections.
Markers can be used in any other property of 'select' and are available
in all supported TYPO3 versions.
[1]
http://typo3.org/documentation/document-library/core-documentation/doc_core_tsref/4.7.0/view/1/5/#id552862
--
Jigal van Hemert
TYPO3 Core Team member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
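
The quoted line next to the marker form recommended in the reply above, as an added example that is not part of the original message. The object path `lib.articleRecord`, the table `tx_example_article`, the page id `123` and the `title` field are hypothetical; the marker name `article` is chosen here.

```typoscript
# Added example, not from the original thread.
# Assumptions: lib.articleRecord, tx_example_article, pid 123 and the
# "title" field are hypothetical names used only for illustration.

# Form quoted in the message: the GET/POST value is written
# straight into a query part of 'select'.
#
# lib.articleRecord.select.uidInList.data = GP:article

# Marker form: the query part contains only the placeholder
# ###article###; the external value is supplied through 'markers',
# where each marker value is escaped and quoted before it is
# substituted into the query.
lib.articleRecord = CONTENT
lib.articleRecord {
  table = tx_example_article
  select {
    pidInList = 123
    where = uid = ###article###
    markers {
      # stdWrap properties are available on each marker
      article.data = GP:article
      # additionally reduce the value to an integer before substitution
      article.intval = 1
    }
  }
  renderObj = TEXT
  renderObj.field = title
}
```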