Joomla! Issue Tracker | Joomla! CMS #31560 - [4.0] Fix query to use prepared statements

Closed
14 Dec 2020
Medium
Build: staging
# 31560

wilsonge
2 Dec 2020

51c5083#diff-664f22540552ccb73f1d9f0cb0942fdbc74ed99e6777ce3c9c43190825f482a9R350

Had a particularly complicated query that needs moving to a prepared statement. Hopefully one @alikon or @richard67 can look at?

wilsonge - open - 2 Dec 2020

joomla-cms-bot - change - 2 Dec 2020

Labels

Added: ?

joomla-cms-bot - labeled - 2 Dec 2020

wilsonge - change - 2 Dec 2020

The description was changed

wilsonge - edited - 2 Dec 2020

HLeithner - comment - 4 Dec 2020

Doesn't look like that it needs converted because all variables are cast to integer.

Edit: forget this part. the code is good as it is and comment can be removed
-The order part looks like some escaping is missing, but the mention comment can be removed-

richard67 - comment - 4 Dec 2020

Agree, I see not need to convert to prepared statements here.

wilsonge - comment - 14 Dec 2020

I thought our aim/sales pitch for J4 was everything was using prepared statements? I mean I'm happy to close if you guys want though

richard67 - comment - 14 Dec 2020

It NEVER was MY aim that EVERYTHING uses prepared statements.

wilsonge - change - 14 Dec 2020

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2020-12-14 23:30:44
Closed_By		⇒	wilsonge

wilsonge - close - 14 Dec 2020

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#31560] - [4.0] Fix query to use prepared statements

Add a Comment