View Issue Details | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0000083 | Branch 0.2.1-FINAL | Feature Request | public | 2009-02-19 17:27 | 2016-11-23 11:04 | ||||
Reporter | Quix0r | ||||||||
Assigned To | Quix0r | ||||||||
Priority | low | Severity | feature | Reproducibility | N/A | ||||
Status | closed | Resolution | fixed | ||||||
Platform | PHP5-Latest | OS | Linux | OS Version | 2.6 | ||||
Product Version | 0.2.1-FINAL | ||||||||
Target Version | 0.2.1-FINAL | Fixed in Version | 0.2.1-FINAL | ||||||
Summary | 0000083: Improvements to the SQL queries | ||||||||
Description | The SQL queries should be improved as follows: - Enclose all table names and columns in backticks (` not ') - Switch the constant _MYSQL_PREFIX from "._MYSQL_PREFIX." to {?_MYSQL_PREFIX?} so that PHP can save resources at parse time (fewer constants processed). | ||||||||
Tags | No tags attached. | ||||||||
Notes | |
Quix0r (administrator) 2009-02-19 19:29 |
So far, with the next commit all table names are in backticks and the constant _MYSQL_PREFIX is wrapped in {! and !}. |
Quix0r (administrator) 2010-06-28 04:36 |
{!FOO!} (embedding constants) is no longer supported! |
Quix0r (administrator) 2012-06-06 14:02 |
That should be completely done. To embed data, please use SQL_QUERY_ESC() and a mask, not SQL_QUERY() with the query simply assembled using a dot or plus sign, as this is very insecure (SQL injections). |
Quix0r (administrator) 2016-11-23 11:04 |
And closed with that. |
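
The mask-versus-concatenation advice in the 2012-06-06 note, as an added example that is not the project's own code: `demo_query_esc()` is a hypothetical stand-in for `SQL_QUERY_ESC()` (whose real signature is not shown on this page), and the table name, prefix value and in-memory SQLite database are assumptions so the script runs offline.

```php
<?php
// Added example; demo_query_esc() is a hypothetical stand-in, not the project's SQL_QUERY_ESC().
// An in-memory SQLite database replaces MySQL here; SQLite also accepts backtick-quoted identifiers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$prefix = 'demo'; // constructed value standing in for _MYSQL_PREFIX
$db->exec("CREATE TABLE `{$prefix}_user_data` (`userid` INTEGER, `login` TEXT)");
$db->exec("INSERT INTO `{$prefix}_user_data` VALUES (1, 'alice'), (2, 'bob')");

// Unsafe pattern the note warns about: the value is glued into the query with the dot operator.
function demo_query_concat(PDO $db, string $prefix, string $login): array
{
    $sql = "SELECT `userid` FROM `{$prefix}_user_data` WHERE `login`='" . $login . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Mask pattern: every value is escaped and quoted by the driver before vsprintf() fills the mask.
function demo_query_esc(PDO $db, string $mask, array $data): array
{
    $escaped = array_map(fn ($value) => $db->quote((string) $value), $data);
    return $db->query(vsprintf($mask, $escaped))->fetchAll(PDO::FETCH_COLUMN);
}

$mask = "SELECT `userid` FROM `{$prefix}_user_data` WHERE `login`=%s";
$constructed = "nobody' OR '1'='1"; // constructed input containing a quote character

// Concatenation: the quote ends the string literal early and the rest is parsed as SQL.
var_dump(demo_query_concat($db, $prefix, $constructed));
// Mask: the same input stays one string literal and is compared against `login` as data.
var_dump(demo_query_esc($db, $mask, [$constructed]));
// Mask with an ordinary value still finds the matching row.
var_dump(demo_query_esc($db, $mask, ['alice']));
```

Where PDO or mysqli is available, bound parameters in a prepared statement give the same separation of query text and data without building a query string at all.
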
Issue History | |||
Date Modified | Username | Field | Change |
---|---|---|---|
2009-02-19 17:27 | Quix0r | New Issue | |
2009-02-19 17:28 | Quix0r | Assigned To | => Quix0r |
2009-02-19 17:28 | Quix0r | Status | new => assigned |
2009-02-19 17:28 | Quix0r | Projection | none => tweak |
2009-02-19 17:28 | Quix0r | ETA | none => < 1 day |
2009-02-19 17:28 | Quix0r | Fixed in Version | => 0.2.1-FINAL |
2009-02-19 17:28 | Quix0r | Description Updated | |
2009-02-19 19:29 | Quix0r | Note Added: 0000210 | |
2009-02-19 22:44 | | Relationship added | child of 0000084 |
2009-03-02 16:32 | Quix0r | Sticky Issue | No => Yes |
2009-08-06 16:03 | Quix0r | Product Version | 0.2.1-FINAL => |
2009-08-06 16:03 | Quix0r | Fixed in Version | 0.2.1-FINAL => |
2009-10-11 01:25 | Quix0r | Relationship deleted | child of 0000084 |
2009-10-11 01:26 | Quix0r | Relationship added | parent of 0000084 |
2009-11-25 22:56 | Quix0r | Fixed in Version | => 0.2.1-FINAL |
2010-05-28 18:50 | Quix0r | Product Version | => 0.2.1-FINAL |
2010-06-08 03:45 | Quix0r | Fixed in Version | 0.2.1-FINAL => |
2010-06-28 04:36 | Quix0r | Note Added: 0000470 | |
2010-06-28 04:36 | Quix0r | Description Updated | |
2012-06-06 14:02 | Quix0r | Note Added: 0000548 | |
2012-06-06 14:02 | Quix0r | Status | assigned => resolved |
2012-06-06 14:02 | Quix0r | Fixed in Version | => 0.2.1-FINAL |
2012-06-06 14:02 | Quix0r | Resolution | open => fixed |
2016-11-23 11:04 | Quix0r | Status | resolved => closed |
2016-11-23 11:04 | Quix0r | Note Added: 0000647 |