A new feature for SilverStripe should be ...

Refactor ORM to use prepared statements

This is basically already done & merged into master, but needs stabilising.

For security purposes, we should be using PHP provided APIs rather than escaping values into SQL strings ourselves. We can also take this opportunity to add PDO support.

2 votes
Hamish Friedlander shared this idea
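
An added example (not from the original post and not SilverStripe's own code) of the difference the idea describes: a value escaped by hand and spliced into the SQL string, next to the same lookup as a PDO prepared statement. The `Member` table, the function names and the sample input are constructed for illustration, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Member (ID INTEGER PRIMARY KEY, Email TEXT)');
$pdo->exec("INSERT INTO Member (Email) VALUES ('a@example.com'), ('b@example.com')");

// Before: escape the value ourselves and build the SQL text by concatenation.
// Quote-doubling only protects a value that sits inside a quoted string
// literal. Here the value lands in an unquoted numeric position, so the
// escaping changes nothing and the input is parsed as part of the query.
function findByIdEscaped(PDO $pdo, string $id): array
{
    $escaped = str_replace("'", "''", $id);
    $sql = "SELECT Email FROM Member WHERE ID = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed at prepare time and the value travels
// separately as a bound parameter, so it can only ever be compared as data.
function findByIdPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT Email FROM Member WHERE ID = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one ordinary ID and one that smuggles SQL syntax.
foreach (['1', '1 OR 1=1'] as $input) {
    printf(
        "%-10s escaped: %d row(s), prepared: %d row(s)\n",
        $input,
        count(findByIdEscaped($pdo, $input)),
        count(findByIdPrepared($pdo, $input))
    );
}
```

When reviewing a migration like this, any remaining call site that still interpolates a variable into a query string is the thing to look for, regardless of whether the value was escaped first.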

    2 comments

      • Hamish Friedlander commented

        We haven't really decided what "completed" means yet. It probably doesn't mean "something's been merged into master". Having chatted with Tractorcow though, he feels it's completed so happy to leave like that.

        (Cam's been managing some discussions around flag meanings, I hadn't really realised that wasn't shared with other core devs - will move that discussion to silverstripe-committers.)
