[TASK] Doctrine: Create named parameters for value setting operations (02dc3256) · Commits · TYPO3 / TYPO3.CMS

Commit 02dc3256 authored Apr 18, 2016 by

Morton Jonuschat Committed by Christian Kuhn Apr 19, 2016

[TASK] Doctrine: Create named parameters for value setting operations

To reduce the risk of SQL injections methods used to set values in the
database have been modified to create named parameters by default.

To work with SQL fragments/expressions this behavior can be disabled by
setting $createNamedParameter to false.

Releases: master
Resolves: #75755
Change-Id: I03bff29b0d50c0a3e7d7dbf27538f1c3dfca51da
Reviewed-on: https://review.typo3.org/47762


Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

parent 66fef7ae

Hide whitespace changes

Inline Side-by-side

Please register or to comment