Switch to using SQL parameters rather than manual escaping
Registered by
Lucas Jones
Currently, we escape all CSV values before inserting them into the query. A better and safer option would be to use parameterised queries. This would allow other database modules, which do not implement "escape_string", to be used for live import. The only problem is: how do we get the SQL back out again for the dump?
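The trade-off described above, as an added example that is not the project's own code: live import binds CSV values as DB-API parameters, and the dump path gets its SQL text by asking the database to render each literal. It assumes Python's sqlite3 module and SQLite's built-in `quote()` function, whose output is SQLite literal syntax only; the table name, column names and helper names are hypothetical.

```python
import csv
import io
import sqlite3

# Constructed sample input; the second row holds a value that breaks naive quoting.
SAMPLE_CSV = "name,city\nAlice,Paris\nO'Brien,\"x'); DROP TABLE people;--\"\n"

def read_rows(text):
    """Parse CSV text into (header, list of row tuples)."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    return header, [tuple(row) for row in reader]

def ident(name):
    """Quote an identifier; identifiers cannot be bound as parameters."""
    return '"' + name.replace('"', '""') + '"'

def live_import(conn, table, header, rows):
    """Create the table and insert every row with bound parameters."""
    cols = ", ".join(ident(c) for c in header)
    marks = ", ".join("?" for _ in header)  # sqlite3 uses qmark; see module.paramstyle
    conn.execute(f"CREATE TABLE {ident(table)} ({cols})")
    conn.executemany(f"INSERT INTO {ident(table)} ({cols}) VALUES ({marks})", rows)

def dump_sql(conn, table, header, rows):
    """Return INSERT statements as text, with literals rendered by SQLite's quote()."""
    cols = ", ".join(ident(c) for c in header)
    statements = []
    for row in rows:
        # The value still travels as a bound parameter; only the result is text.
        select = "SELECT " + ", ".join("quote(?)" for _ in row)
        literals = conn.execute(select, row).fetchone()
        statements.append(
            f"INSERT INTO {ident(table)} ({cols}) VALUES ({', '.join(literals)});")
    return statements

if __name__ == "__main__":
    header, rows = read_rows(SAMPLE_CSV)
    conn = sqlite3.connect(":memory:")
    live_import(conn, "people", header, rows)
    print("\n".join(dump_sql(conn, "people", header, rows)))
```

A dump produced this way needs a database connection at dump time, and a module without an equivalent of `quote()` would still need its own literal renderer.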
Blueprint information
- Status: Started
- Approver: Lucas Jones
- Priority: Not
- Drafter: Lucas Jones
- Direction: Needs approval
- Assignee: Lucas Jones
- Definition: Pending Approval
- Series goal: None
- Implementation: Blocked
- Milestone target: None
- Started by: Lucas Jones
- Completed by
Whiteboard
Seems to be impossible.