ZF-12352: possilbe sql injection on order

Issue Type: Bug Created: 2012-07-28T18:12:38.000+0000 Last Updated: 2012-07-30T14:42:51.000+0000 Status: Resolved Fix version(s): Reporter: dwalker (pcmad) Assignee: Ralph Schindler (ralph) Tags: - Zend_Db_Select

Related issues: Attachments:


Fatal error: Maximum execution time of 30 seconds exceeded in Zend/Mime.php on line 152

when there is a ' in the order eg $select->order('id \' ASC');


Posted by Ryan Mauger (bittarman) on 2012-07-30T14:42:51.000+0000

Please use quoteInto for user input, or parameterize the query.

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.