]> git.koha-community.org Git - koha.git/commit
Bug 19061: Avoid SQL Injection vulnerability
authorColin Campbell <colin.campbell@ptfs-europe.com>
Tue, 8 Aug 2017 10:47:40 +0000 (11:47 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 15 Aug 2017 15:17:43 +0000 (12:17 -0300)
commit1c2ee5903cfe19379d20a847558fb0c176580cc0
treed1173481f7c1cbde5d3793d00a3392a365f30136
parente03f590fa1080b1c3fbe25c91af08094620609d6
Bug 19061: Avoid SQL Injection vulnerability

Embedding values in the SQL statement allows the passing of values
that would normally be rejected resulting in mysql errors
variables should always be passed via placeholders and
the execute call

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
reports/cash_register_stats.pl