[TYPO3-core] RFC: Feature Request #6882: Enable stdWrap for select.where

JoH asenau info at cybercraft.de
Tue Sep 29 00:29:01 CEST 2009


>>> The negative side-effect of applying this RFC to Trunk would be that
>>> SQL injections are then possible in TypoScript as well. I don't think
>>> this is a good idea.
>>
>> Wouldn't that be possible already using select.andWhere?
> Absolutely yes. Holding this feature back does not make sense at all.
> I'd propose to include a warning in the documentation not to use
> unescaped GPvars with this feature.

Then could you please enlighten people, how to escape values other than
integers with TypoScript?
IMHO it's not that easy.

Joey

-- 
If you have no clues: simply shut your gob sometimes!
Dieter Nuhr, German comedian
Xing: http://contact.cybercraft.de
Twitter: http://twitter.com/bunnyfield
TYPO3 cookbook (2nd edition): http://www.typo3experts.com
TYPO3 workshops: http://workshops.eqony.com



