-
To remove the susceptiblity to errors of SQL injections within the core the principle of prepared statements should be followed for all queries. Even variables which will be casted to e.g. an integer should use setParameter(), setParameters() or createNamedParameter(). Change-Id: I7d6d256a199ba05f75791eb01f38b3b89b421989 Resolves: #78437 Releases: master Reviewed-on: https://review.typo3.org/50090 Tested-by:
TYPO3com <no-reply@typo3.com> Reviewed-by:
Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
d478cbe9
