[INP-958] Improvement of "qstr" function - In-Portal Issue Tracker

XML

Word

Printable

Details

Type: Feature Request
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.1.3
Fix Version/s: 5.2.0-B1
Component/s: Database
Labels:
- multi-project-commit

External issue URL:
http://tracker.in-portal.org/view.php?id=1180
Change Log Message:
Adds qstrArray function to escape whole array
Story Points:
1
External issue ID:
1180
Copy Issue Key:
Patch Instructions:
Patches must be submitted through Phabricator.
- To submit patch via Command Line use Patches Workflow (via Arcanist) tutorial
- To submit patch via Web Interface use Patches Workflow (via Web Interface) tutorial

Description

In-Portal uses "kDBConnection::qstr" function to escape user request variables before placing their values into database. This prevents sql injections.

However there are cases, when there is a need to escape whole array of values.

I've created kDBConnection:qstrArray function that easily allows to do that.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

qstr_improvement_core.patch
6 kB
20/Dec/11 4:04 AM
qstr_improvement_modules.patch
1 kB
20/Dec/11 4:04 AM

Issue Links

mentioned in: Wiki Page Loading...

Activity

People

Assignee:

Alex

Reporter:

Alex

Developer:

Alex

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

20/Dec/11 4:04 AM

Updated:

23/Sep/15 12:18 PM

Resolved:

25/Jul/12 5:32 AM