[GRASS-dev] 7.0.5 release planning

Maris Nartiss maris.gis at gmail.com
Wed Aug 3 02:33:56 PDT 2016


2016-07-19 17:27 GMT+03:00 Moritz Lennert <mlennert at club.worldonline.be>:
> There's also https://trac.osgeo.org/grass/ticket/2252 which has been pushed
> from release to release. I don't really know how to handle the issue. Anyone
> of the wxGUI developers maybe ?
>
> Moritz
It would be better to fix this at the DBMI level. We can argue about the
security aspects of this issue, but the ability to enter unescaped
apostrophes into text fields is a must for any data entry form.
The easiest solution would be to implement add_slashes/strip_slashes
[1], although prepared statements with parameter binding are the way to
go [2].

1. https://en.wikipedia.org/wiki/SQL_injection#Escaping
2. https://en.wikipedia.org/wiki/Prepared_statement

Māris.
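The three approaches contrasted in the message above, as an added worked example (not code from GRASS or from the thread's author): string concatenation, which an apostrophe breaks; escaping by doubling the apostrophe, which is what SQL string literals actually require (a backslash-style add_slashes is not an escape in SQLite, the default attribute backend in GRASS 7); and parameter binding, which needs no escaping at all. It uses Python's sqlite3 module; the table name, column names and sample values are constructed for the illustration.

```python
import sqlite3

# Constructed sample input, including a value that would alter the statement
# if it were pasted into SQL text unescaped.
PAYLOAD = "x'); DROP TABLE sites; --"


def make_db():
    """In-memory SQLite database with a hypothetical attribute table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sites (cat INTEGER PRIMARY KEY, name TEXT)")
    return con


def build_concat_sql(cat, name):
    """Build the INSERT by string formatting, as a naive form handler might.
    Any apostrophe in `name` ends the literal early and becomes SQL syntax."""
    return "INSERT INTO sites (cat, name) VALUES (%d, '%s')" % (cat, name)


def insert_concat(con, cat, name):
    con.execute(build_concat_sql(cat, name))


def escape_sql_string(s):
    """Escape for use inside a single-quoted SQL literal by doubling the
    apostrophe. This is the SQL-standard rule and what SQLite understands;
    a backslash (PHP-style addslashes) is just another character to SQLite."""
    return s.replace("'", "''")


def insert_escaped(con, cat, name):
    con.execute(build_concat_sql(cat, escape_sql_string(name)))


def insert_bound(con, cat, name):
    """Prepared statement with parameter binding: the driver sends the value
    separately from the statement text, so it can never be parsed as SQL."""
    con.execute("INSERT INTO sites (cat, name) VALUES (?, ?)", (cat, name))


def fetch_name(con, cat):
    row = con.execute("SELECT name FROM sites WHERE cat = ?", (cat,)).fetchone()
    return row[0] if row else None


def count_rows(con):
    return con.execute("SELECT count(*) FROM sites").fetchone()[0]


def demo():
    """Run all three variants and report what ended up in the table."""
    con = make_db()
    results = {}
    try:
        insert_concat(con, 1, "O'Brien")
        results["concat"] = fetch_name(con, 1)
    except sqlite3.OperationalError as e:
        # 'O'Brien' splits the literal: near "Brien": syntax error
        results["concat"] = "error: %s" % e
    insert_escaped(con, 2, "O'Brien")
    results["escaped"] = fetch_name(con, 2)
    insert_escaped(con, 3, PAYLOAD)
    results["escaped_payload"] = fetch_name(con, 3)
    insert_bound(con, 4, PAYLOAD)
    results["bound_payload"] = fetch_name(con, 4)
    results["rows"] = count_rows(con)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-16s %s" % (key, value))
```

Doubling apostrophes works for SQLite and standard-conforming backends, but it has to be applied on every path that builds SQL text, which is the maintenance problem the ticket illustrates; binding removes the question entirely, since the value never passes through the SQL parser. Note also that the `build_concat_sql` output for `PAYLOAD` contains a second statement, which sqlite3's `execute()` refuses to run, but a backend that accepts multi-statement strings would execute it.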

