http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1953 Summary: remove possible SQL injection attacks Product: Koha Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Database AssignedTo: Andrew.moore@liblime.com ReportedBy: Andrew.moore@liblime.com QAContact: koha-bugs@nongnu.org I've found a handful of SQL queries that don't use placeholders and bind variables, but instead have variables passed directly into them. These may allow SQL injection attacks. I plan on refactoring them so that they use placeholders instead. ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.