Andrew Moore wrote:
> On Thu, Jul 31, 2008 at 7:31 AM, paul POULAIN <[EMAIL PROTECTED]> wrote:
>
>> /me disagree : the $dbh->quote() does exactly the same thing as the
>> placeholder : ie escaping SQL to avoid SQL injections. So this patch
>> solves nothing on this aspect ;-)
>>
> Very well. I wouldn't object to backing these patches out.
>

The resulting code is correct. The previous code was also correct. So I think both are valid. It's fair not to roll back accordingly. I just wanted to point out for the future that there is no injection risk with quote() (I remember having added many $quote to avoid that years ago, that's why I emailed)

--
Paul POULAIN
http://www.biblibre.com
Expert in Free Software for information and documentation
NEW TELEPHONE: 04 91 81 35 08
_______________________________________________
Koha-patches mailing list
[email protected]
http://lists.koha.org/mailman/listinfo/koha-patches
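
The comparison discussed in this thread, as an added example that is not part of the original messages or of Koha's code: the same lookup written once with `$dbh->quote()` and once with a placeholder, run against constructed data. It assumes DBI with DBD::SQLite is installed; the `borrowers` table, its rows and both helper functions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed data: in-memory SQLite database with a hypothetical table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE borrowers (surname TEXT, cardnumber TEXT)');

my $ins = $dbh->prepare(
    'INSERT INTO borrowers (surname, cardnumber) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ q{O'Brien},      '1001' ],
    [ q{Smith},        '1002' ],
    [ q{x' OR 'a'='a}, '1003' ],    # stored as plain data, quotes included
);

# Lookup with $dbh->quote(): the value is turned into an escaped SQL
# string literal (surrounding quotes included) and then interpolated.
sub count_with_quote {
    my ($surname) = @_;
    my $sql = 'SELECT COUNT(*) FROM borrowers WHERE surname = '
            . $dbh->quote($surname);
    my ($n) = $dbh->selectrow_array($sql);
    return $n;
}

# Same lookup with a placeholder: the SQL text is constant and the
# value is handed to the driver separately as a bind parameter.
sub count_with_placeholder {
    my ($surname) = @_;
    my ($n) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM borrowers WHERE surname = ?',
        undef, $surname);
    return $n;
}

# Constructed inputs, including values that contain quote characters.
for my $input (q{O'Brien}, q{Smith}, q{x' OR 'a'='a}, q{nobody}) {
    my $q = count_with_quote($input);
    my $p = count_with_placeholder($input);
    printf "%-16s quote()=%d placeholder=%d %s\n",
        $input, $q, $p, ($q == $p ? 'same' : 'DIFFERENT');
}
$dbh->disconnect;
```

In the `quote()` form the result depends on every interpolated value having been passed through `quote()` by hand; in the placeholder form the SQL string never contains the value at all.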
