[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [phpGroupWare-developers] Re: sql strengthening in class.accounts_.i
From: |
Chris Weiss |
Subject: |
Re: [phpGroupWare-developers] Re: sql strengthening in class.accounts_.inc.php |
Date: |
Tue, 3 Jun 2008 12:11:05 -0500 |
On Tue, Jun 3, 2008 at 10:30 AM, Maât <address@hidden> wrote:
> Chris Weiss a écrit :
>>
>> um, this does exactly nothing. if you added ";" I might see it, but
>> this is effectively pointless.
>>
>>
>
> ||CW : 1 - 0 Maât
>
> :)
>
> as there is an (int) before $this->account_id the single quotes is not
> needed for security reasons.
>
> though, if i'm not mistaken, acl_location is a string from the db point of
> view... perhaps required by some db (pg ?)
>
if it is a char it should have quotes, but if it is always a number
then it should not be a char. if it is not always a number then it
should not have the (int) cast.
if it is not a char then it should not have the quotes, the quotes
will cause an unessicary cast on the db side and some db's will also
complain.