Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#1292 closed Bug (fixed)

Deprecate/remove Piwik_Quote()

Reported by: vipsoft
Owned by: vipsoft
Priority: normal
Milestone: Piwik 0.6
Component: Core
Keywords:
Cc:
Sensitive: no

Description

Not used anywhere in Piwik core because we use Zend to prepare statements. Moreover, the manual for PDO::quote says:

[...] you are strongly recommended to use PDO::prepare() to prepare SQL statements with bound parameters instead of using PDO::quote() to interpolate user input into a SQL statement. Prepared statements with bound parameters are not only more portable, more convenient, immune to SQL injection, but are often much faster to execute than interpolated queries, as both the server and client side can cache a compiled form of the query.
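
The following is an added example, not code from this ticket or from Piwik. It contrasts a query built by interpolation with a quote helper against the same query as a PDO prepared statement, showing how one call site that skips the helper lets input become SQL text while bound parameters stay data. The `site` table, its rows, `quote_helper()`, `find_interpolated()` and `find_prepared()` are hypothetical names constructed for illustration, and an in-memory SQLite database stands in for the real backend.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE site (idsite INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO site (name) VALUES ('alpha'), ('beta'), ('gamma')");

// Hypothetical stand-in for a manual quoting helper; it only wraps PDO::quote().
function quote_helper(PDO $db, string $value): string
{
    return $db->quote($value);
}

// Interpolated query: correct only if every value at every call site is quoted.
function find_interpolated(PDO $db, string $name, string $id): array
{
    // $name goes through the helper; $id was assumed to be numeric and is
    // concatenated as-is, so its content is parsed as part of the SQL text.
    $sql = 'SELECT name FROM site WHERE name = ' . quote_helper($db, $name)
         . ' OR idsite = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed before any value is supplied,
// and both values are sent as bound parameters.
function find_prepared(PDO $db, string $name, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM site WHERE name = ? OR idsite = ?');
    $stmt->execute([$name, $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that is not a plain integer.
$untrusted = '0 OR 1=1';

echo "interpolated: ";
var_dump(find_interpolated($db, 'alpha', $untrusted));

echo "prepared: ";
var_dump(find_prepared($db, 'alpha', $untrusted));
```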

Change History (3)

comment:1 Changed 4 years ago by vipsoft (robocoder)

  • Milestone changed from 3 - Piwik 0.8 - A Web Analytics platform to 1 - Piwik 0.6
  • Owner set to vipsoft

comment:2 Changed 4 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [2054]) fixes #882 - Piwik_Query() can now be used by tracker plugins;
fixes #1292 - remove (deprecated/unused) Piwik_Quote() since we use Zend_Db for prepared statements; add Piwik_FetchRow() for completeness

comment:3 Changed 4 years ago by vipsoft (robocoder)

(In [2055]) refs #1292/[2054] - typo in phpdocs
