This is something that was mentioned by Victor initially, when he saw that at that point there was no enforcement of type’s

 

I’ve started adding code (currently testing under MSSQL only) to check the types of data both going IN and OUT of db queries.

 

For now, this is located at:

 

https://github.com/grangeway/mantisbt/blob/dbapi/core/database_api.php#L171

 

https://github.com/grangeway/mantisbt/blob/dbapi/core/database_api.php#L204

 

https://github.com/grangeway/mantisbt/blob/dbapi/core/classes/MantisDatabase/PDO/PDO.class.php#L177

 

I’ve not got time tonight to separate it out of the main files into the different database engines, but can anyone see any obvious problems with this approach? (albeit given it obviously need to be handled per-database-engine and not in it’s current form)

 

Paul