phpgroupware-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [phpGroupWare-developers] Re: sql strengthening in class.accounts_.i

From: Chris Weiss
Subject: Re: [phpGroupWare-developers] Re: sql strengthening in class.accounts_.inc.php
Date: Tue, 3 Jun 2008 12:11:05 -0500 
On Tue, Jun 3, 2008 at 10:30 AM, Maât <address@hidden> wrote:
> Chris Weiss a écrit :
>>
>> um, this does exactly nothing.  if you added ";" I might see it, but
>> this is effectively pointless.
>>
>>
>
> ||CW : 1 - 0 Maât
>
> :)
>
> as there is an (int) before $this->account_id the single quotes is not
> needed for security reasons.
>
> though, if i'm not mistaken, acl_location is a string from the db point of
> view... perhaps required by some db (pg ?)
>

if it is a char it should have quotes, but if it is always a number
then it should not be a char.  if it is not always a number then it
should not have the (int) cast.

if it is not a char then it should not have the quotes, the quotes
will cause an unessicary cast on the db side and some db's will also
complain.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]