http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590 Robin Sheat <robin@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off --- Comment #6 from Robin Sheat <robin@catalyst.net.nz> --- (In reply to Fridolyn SOMERS from comment #5)
(In reply to Robin Sheat from comment #2) I did not took the time to hack the system with that but nevertheless it is dangerous to keep it as it is.
It is.
I don't think your patch goes far enough though: the $limit should be replaced by a '?' as well as being filtered You mean ending query with "limit ?" and using execute($limit) ? I thought it would not work because limit will be a string : "limit '10'".
It works fine, SQL doesn't really care about the difference between strings and numbers when working with parameters. I'm marking this signed off as it's /vital/ that one of these patches goes in, it'd be best if they both did. -- You are receiving this mail because: You are watching all bug changes.