Custom Query (13 matches)
Results (10 - 12 of 13)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#21 | fixed | Create minimal interface to change email notification settings | ||
Description |
With the who-and-on-which-events internals of the email notice settings moved into a database table, we need an interface to manage those settings. |
|||
#29 | invalid | test ticket | ||
Description |
testing email |
|||
#34 | fixed | SQL cleanup - use DBI ? substitutions, move all SQL into IPDB.pm | ||
Description |
Much of the SQL currently uses: $sth = $dbh->prepare("INSERT INTO table (cols) values ('$literal1','$literal2')"); $sth->execute; instead of: $sth = $dbh->prepare("INSERT INTO table (cols) values (?,?)"); $sth->execute($literal1, $literal2); Switching to CGI::Simple (#15) is exposing several places where this is problematic. This is also something of an SQL-injection security issue - using DBI's parameter replacement means that user data goes right into the table, instead of munging the SQL (deliberately or otherwise). |
Note:
See TracQuery
for help on using queries.