2016-07-19 17:27 GMT+03:00 Moritz Lennert <[email protected]>:
> There's also https://trac.osgeo.org/grass/ticket/2252 which has been pushed
> from release to release. I don't really know how to handle the issue. Anyone
> of the wxGUI developers maybe?
>
> Moritz

It would be better to be fixed at the DBMI level. We can argue about security aspects of this issue, but the ability to enter unescaped apostrophes into text fields is a must for any data entry forms. The easiest solution would be to implement add_slashes/strip_slashes [1], although prepared statements with parameter binding are the way to go [2].

1. https://en.wikipedia.org/wiki/SQL_injection#Escaping
2. https://en.wikipedia.org/wiki/Prepared_statement

Māris.
_______________________________________________
grass-dev mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/grass-dev
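The three approaches mentioned in the reply above (pasting the form value into the SQL text, escaping the apostrophe, and binding it as a parameter), as an added example that is not part of the thread and not GRASS code. It uses Python's sqlite3 module, since SQLite is the default GRASS attribute backend, against a constructed in-memory `roads` table; the function and table names are assumptions for illustration only.

```python
import sqlite3


def setup_db():
    """Constructed in-memory table standing in for a GRASS attribute table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE roads (cat INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO roads VALUES (1, 'Main Street')")
    conn.commit()
    return conn


def get_name(conn, cat):
    row = conn.execute("SELECT name FROM roads WHERE cat = ?", (cat,)).fetchone()
    return row[0] if row else None


def update_name_concat(conn, cat, name):
    """The fragile pattern: the form value is pasted straight into the SQL text.

    An apostrophe in the value terminates the string literal early, so the
    statement no longer parses. Returns (True, None) on success or
    (False, error message) on failure; the row is left unchanged on failure.
    """
    sql = "UPDATE roads SET name = '%s' WHERE cat = %d" % (name, int(cat))
    try:
        conn.execute(sql)
        conn.commit()
        return True, None
    except sqlite3.Error as exc:
        conn.rollback()
        return False, str(exc)


def escape_sql_literal(value):
    """SQL-standard escaping: a literal apostrophe is written as two apostrophes.

    PHP-style addslashes() uses a backslash instead, which SQLite and
    standard SQL do not treat as an escape character, so quote doubling is
    the portable form of the "escaping" approach from reference [1].
    """
    return value.replace("'", "''")


def update_name_escaped(conn, cat, name):
    """Escaping approach: still string building, but the literal is made safe."""
    sql = "UPDATE roads SET name = '%s' WHERE cat = %d" % (
        escape_sql_literal(name), int(cat))
    conn.execute(sql)
    conn.commit()


def update_name_bound(conn, cat, name):
    """Prepared statement with parameter binding (reference [2]): the driver
    passes the value separately from the SQL text, so no quoting rules apply
    and the value cannot change the statement's structure."""
    conn.execute("UPDATE roads SET name = ? WHERE cat = ?", (name, cat))
    conn.commit()


if __name__ == "__main__":
    db = setup_db()
    value = "O'Brien's Lane"  # constructed form input containing apostrophes
    print("concat:", update_name_concat(db, 1, value), "->", get_name(db, 1))
    update_name_escaped(db, 1, value)
    print("escaped:", get_name(db, 1))
    update_name_bound(db, 1, "Rue d'Arc")
    print("bound:", get_name(db, 1))
```

Running it shows the concatenated statement failing with a syntax error while the row keeps its old value, and both the escaped and the bound versions storing the apostrophes verbatim; only the bound version needs no knowledge of the backend's quoting rules, which is why the reply recommends it.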
