http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10276
Kyle M Hall <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Failed QA                   |Signed Off

--- Comment #27 from Kyle M Hall <[email protected]> ---
(In reply to Katrin Fischer from comment #26)
> Hi Kyle, I am a bit worried about the stringify because it will break
> escaping by dbi. I think it would be better using a list:
>
> There is an example for that in our coding guidelines:
> http://wiki.koha-community.org/wiki/Coding_Guidelines#SQL10:_Placeholders

Using placeholders would end up complicating every single query in an extreme
manner. That practice of using placeholders is to prevent SQL injection
attacks. That is not an issue here. An attack such as that is absolutely not
possible in this case, since what we are turning into a string is a list of
branchcodes that were just pulled from the database.

Good question though!
