<div>Hi,</div>
<p style="color: #A0A0A8;">On Monday, 26 August 2013 at 12:20 AM, Rouslan Placella wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div><div>On 08/25/2013 10:14 AM, Ayush Chaudhary wrote:</div><blockquote type="cite"><div><div>Hi,</div><div><br></div><div>I was writing Selenium tests for editing an event. While creating an</div><div>event, I created it with the clause 'EVERY 2 MINUTE_SECOND' and it</div><div>worked fine. However, MySQL stores it as '0:2', so when I go to edit the</div><div>event, the default value for interval field is '0:2', and then when I</div><div>submit the edit form, our code takes the intval from 0:2 and forms the</div><div>query 'EVERY 0 MINUTE_SECOND' and this creates an error.</div><div><br></div><div>Is there a specific reason why intval is being used in</div><div>rte_events.lib.php on Line 585? If not, should I remove that and issue a</div><div>pull request? </div></div></blockquote><div><br></div><div>IIRC, intval was used there to sanitize user input. If you remove it,</div><div>you'll need to add something else to avoid sql injections.</div></div></div></span></blockquote><div>Shouldn't addslashes be fine? And moreover, since the query will be executed via PMA_DatabaseInterface class, shouldn't that alone take care of sanitisation against sql injection? </div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div><div><br></div><div>Bye,</div><div>Rouslan</div></div></div></span>
</blockquote>
<div>
<br>
</div>
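<div>Added example, not part of the original thread and not phpMyAdmin code: one way to keep input validation on the event interval field without <code>intval</code>, by checking the value against the digit-and-delimiter shape MySQL uses for each interval unit and allowlisting the unit itself. The function name <code>buildEveryClause</code>, the field-count table and the sample inputs are assumptions made for illustration.</div>

```php
<?php
// Added example: hypothetical helper, not phpMyAdmin code.

// Maximum number of numeric fields per MySQL event interval unit.
const INTERVAL_FIELDS = [
    'YEAR' => 1, 'QUARTER' => 1, 'MONTH' => 1, 'WEEK' => 1, 'DAY' => 1,
    'HOUR' => 1, 'MINUTE' => 1, 'SECOND' => 1,
    'YEAR_MONTH' => 2, 'DAY_HOUR' => 2, 'HOUR_MINUTE' => 2,
    'MINUTE_SECOND' => 2, 'DAY_MINUTE' => 3, 'HOUR_SECOND' => 3,
    'DAY_SECOND' => 4,
];

/** Returns a safe "EVERY ..." clause, or null when the input is rejected. */
function buildEveryClause(string $value, string $unit): ?string
{
    $unit = strtoupper(trim($unit));
    if (!isset(INTERVAL_FIELDS[$unit])) {
        return null; // the unit is a keyword: allowlist it, never escape it
    }
    $value = trim($value);
    // Digits, optionally followed by delimiter+digits up to the field count.
    $extra = INTERVAL_FIELDS[$unit] - 1;
    $shape = '/^\d{1,9}(?:[ :-]\d{1,9}){0,' . $extra . '}$/D';
    if (!preg_match($shape, $value)) {
        return null;
    }
    if (trim($value, '0 :-') === '') {
        return null; // an all-zero interval is the error case from the thread
    }
    // After validation the value holds only digits and ' ', ':' or '-',
    // so quoting a composite value cannot break out of the literal.
    return ctype_digit($value) ? "EVERY $value $unit" : "EVERY '$value' $unit";
}

// Constructed sample inputs (value, unit); not taken from phpMyAdmin.
$samples = [
    ['2', 'MINUTE_SECOND'],          // what the user typed when creating
    ['0:2', 'MINUTE_SECOND'],        // what the edit form is pre-filled with
    ['1 02:30', 'DAY_MINUTE'],
    ['0:2', 'MINUTE'],               // composite value with a single unit
    ["0:2' OR '1", 'MINUTE_SECOND'], // quote in the value
    ['5', 'MINUTE_SECOND; --'],      // unit not on the allowlist
];
printf("intval('0:2') = %d\n", intval('0:2')); // the truncation in the thread
foreach ($samples as [$value, $unit]) {
    $clause = buildEveryClause($value, $unit);
    printf("%-14s %-18s => %s\n", $value, $unit, $clause ?? 'rejected');
}
```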