Open Rillke opened 5 years ago
Ok, I see the point. How can we achieve this? Is this a larger (or complex) issue?
Might not be the case. However, while considering prepared statements, one should also consider a clear separation between the data layer/model and the controller/view functionality.
We should implement that for the new productive version if possible (mid-priority).
Could you make a list of files that still need revision?
Please always use prepared statements instead of self-made string-concatenation to guard against SQL injection. Prepared statements are the only easy way to check and prove that no injection is possible.
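The contrast the comment above is asking for, shown side by side as an added example (not code from this project; the table, rows and inputs are constructed for the demonstration, and the host language is Python with the standard `sqlite3` module, which speaks the same `?` placeholder convention as most prepared-statement APIs). The concatenating version lets the input rewrite the query's grammar; the prepared version fixes the SQL text once and binds the value, which is exactly the property that makes "no injection is possible" something a reviewer can verify by inspection rather than by testing every input:

```python
import sqlite3

# Constructed sample rows, not data from the project.
USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def find_email_concat(conn: sqlite3.Connection, name: str) -> list:
    """The 'before': query text assembled by string concatenation.
    Whatever arrives in `name` is parsed as part of the SQL statement."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_prepared(conn: sqlite3.Connection, name: str) -> list:
    """The 'after': the SQL text is a fixed literal and the value is bound
    as a parameter, so it can only be compared as a string, never parsed."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo() -> dict:
    """Run both variants on an ordinary name and on a constructed input
    that is not a user name, so the difference in behaviour is visible."""
    conn = make_db()
    honest = "alice"
    hostile = "' OR '1'='1"  # constructed: valid-looking text, not a real name
    return {
        "concat_honest": find_email_concat(conn, honest),
        "concat_hostile": find_email_concat(conn, hostile),
        "prepared_honest": find_email_prepared(conn, honest),
        "prepared_hostile": find_email_prepared(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the constructed input, the concatenating lookup returns every row in the table while the prepared lookup returns nothing, because no user is literally named `' OR '1'='1`. The review check that follows from this is mechanical: every `execute` call should take a constant SQL string plus a parameter tuple, and any call whose first argument is built with `+`, `%` or an f-string is a file that still needs revision. Keeping these lookups in a data-access module, as the earlier comment about separating the model from the controller/view suggests, means that audit only has to cover one layer.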