[Koha-patches] [PATCH] Using "escape=html" on TMPL_VAR containing SQL to prevent HTML from breaking when SQL includes double-quotes.

Owen Leonard oleonard at myacpl.org
Thu Feb 26 19:15:41 CET 2009

Previous message: [Koha-patches] [PATCH] Using "escape=html" on TMPL_VAR containing SQL to prevent HTML from breaking when SQL includes double-quotes.
Next message: [Koha-patches] [PATCH] Using "escape=html" on TMPL_VAR containing SQL to prevent HTML from breaking when SQL includes double-quotes.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Won't this make a statement like:
> ... where field > 1
>
> into:
> ... where field &gt; 1

I've successfully tested it with both angle brackets and double quotes.

  -- Owen

-- 
Web Developer
Athens County Public Libraries
http://www.myacpl.org

Previous message: [Koha-patches] [PATCH] Using "escape=html" on TMPL_VAR containing SQL to prevent HTML from breaking when SQL includes double-quotes.
Next message: [Koha-patches] [PATCH] Using "escape=html" on TMPL_VAR containing SQL to prevent HTML from breaking when SQL includes double-quotes.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Koha-patches mailing list