ZF-12352: possible SQL injection on order
Description
Fatal error: Maximum execution time of 30 seconds exceeded in Zend/Mime.php on line 152
when there is a ' in the order, e.g. $select->order('id \' ASC');
Comments
Posted by Ryan Mauger (bittarman) on 2012-07-30T14:42:51.000+0000
Please use quoteInto for user input, or parameterize the query.
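
One way to keep user input out of the order() argument is to accept only allowlisted column names and directions before the value reaches the query builder. This is an added example, not code from the issue thread or from Zend Framework, and it uses an allowlist rather than the quoteInto approach named in the comment; build_order_spec(), $allowed and the sample inputs are hypothetical.

```php
<?php
// Added example: allowlist validation for a user-supplied sort order.
// build_order_spec() and $allowed are hypothetical names, not Zend Framework API.

/**
 * Return a safe "column DIRECTION" string, or throw if the input is not allowlisted.
 */
function build_order_spec(string $column, string $direction, array $allowedColumns): string
{
    // Only exact matches against known column names are accepted,
    // so quotes, spaces and SQL keywords never reach the query.
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException('Unknown sort column');
    }

    // The direction is normalised and then compared against the two legal keywords.
    $direction = strtoupper(trim($direction));
    if ($direction !== 'ASC' && $direction !== 'DESC') {
        throw new InvalidArgumentException('Unknown sort direction');
    }

    return $column . ' ' . $direction;
}

$allowed = ['id', 'name', 'created_at']; // constructed sample schema

// Constructed sample inputs, including the quoted value from the report.
$samples = [['id', 'asc'], ['name', 'DESC'], ["id ' ASC", ''], ['id', "ASC'"]];

foreach ($samples as [$col, $dir]) {
    try {
        $spec = build_order_spec($col, $dir, $allowed);
        // With Zend_Db_Select, $spec is the value that would be passed to $select->order().
        echo "accepted: $spec\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . var_export($col, true) . ' / ' . var_export($dir, true) . "\n";
    }
}
```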