http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590
--- Comment #4 from Robin Sheat <[email protected]> ---
Created attachment 19660
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19660&action=edit
Bug 10590 - parameterise the limit option

The limit option was previously substituted directly into the query. The previous patch on bug 10590 filters it on input, but there's no reason not to have it made to work properly in the query for added safety.

--- Comment #5 from Fridolyn SOMERS <[email protected]> ---
(In reply to Robin Sheat from comment #2)
I did not take the time to hack the system with that but nevertheless it is dangerous to keep it as it is.

> I don't think your patch goes far enough though: the $limit should be
> replaced by a '?' as well as being filtered

You mean ending query with "limit ?" and using execute($limit) ?
I thought it would not work because limit will be a string : "limit '10'".
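The two layers discussed in this thread, shown as an added example (not the attached patch and not Koha code): the limit is first filtered to a plain integer, then bound to a `LIMIT ?` placeholder with an explicit integer type (`SQL_INTEGER`) so it is passed as a number rather than as a quoted string. The `items` table, the `clean_limit` and `fetch_titles` helpers, the ceiling of 100 and the default of 10 are hypothetical, and an in-memory SQLite database (assumes DBD::SQLite is installed) stands in for the real one.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);    # exports SQL_INTEGER

# Assumption: in-memory SQLite as a stand-in database with constructed rows.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
my $ins = $dbh->prepare('INSERT INTO items (title) VALUES (?)');
$ins->execute("title $_") for 1 .. 20;

# Hypothetical helper: input filter. Accepts only a short run of digits,
# rejects zero, and caps the result at $max. Returns undef when rejected.
sub clean_limit {
    my ( $raw, $max ) = @_;
    return undef unless defined $raw && $raw =~ /\A[0-9]{1,6}\z/;
    my $n = $raw + 0;      # force a numeric value
    return undef if $n < 1;
    return $n > $max ? $max : $n;
}

# Hypothetical helper: the query never contains the limit text itself.
sub fetch_titles {
    my ($raw_limit) = @_;
    my $limit = clean_limit( $raw_limit, 100 );
    $limit = 10 unless defined $limit;    # default when the input is rejected

    my $sth = $dbh->prepare('SELECT title FROM items ORDER BY id LIMIT ?');
    # Bind with an explicit type so the value is treated as an integer.
    $sth->bind_param( 1, $limit, SQL_INTEGER );
    $sth->execute;
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Constructed inputs: valid, malformed, negative, and above the ceiling.
for my $input ( '5', '10; --', '-1', '5000' ) {
    my $rows = fetch_titles($input);
    printf "%-8s -> %d rows\n", "'$input'", scalar @$rows;
}
```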
