String formatting is used to prepare SQL statements
| Reported by: | rjollos | Owned by: | rjollos |
|---|---|---|---|
| Severity: | normal | Keywords: | sql string formatting |
String formatting is used to prepare SQL statements, which opens up the possibility of SQL injection and cross-DB compatibility problems. Proper use of the Trac database API is described in t:TracDev/DatabaseApi#RulesforDBAPIUsage.
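Added example (not code from the ticket or the plugin): the string-formatting pattern the ticket describes, beside the parameterized form the Trac DB API rules call for, run against an in-memory sqlite3 table. The `hack_entry` table, its columns and the rows are constructed assumptions.

```python
"""Constructed example: string-formatted SQL beside the parameterized form.
The table name, columns and rows are assumptions standing in for a plugin's
own schema; sqlite3 stands in for whichever backend Trac is configured with."""
import sqlite3


def make_db():
    # Constructed sample data for a hypothetical plugin table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hack_entry (name TEXT, owner TEXT)")
    db.executemany("INSERT INTO hack_entry VALUES (?, ?)",
                   [("foo", "alice"), ("bar", "bob"), ("baz", "alice")])
    return db


def owner_formatted(db, name):
    # The pattern the ticket reports: the value is pasted into the SQL text.
    # Quoting is done by hand, so an apostrophe in `name` corrupts the
    # statement, and hand-quoting rules differ between database backends.
    sql = "SELECT owner FROM hack_entry WHERE name = '%s'" % name
    return [row[0] for row in db.execute(sql)]


def owner_parameterized(db, name):
    # The fix per the Trac DB API rules: a placeholder in the SQL text and
    # the value passed separately, so the driver quotes it for its backend.
    # sqlite3's native placeholder is `?`; Trac's own API takes `%s`
    # placeholders and translates them for each supported backend.
    sql = "SELECT owner FROM hack_entry WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def compare(name):
    """Return (formatted_result, parameterized_result). When the formatted
    statement fails to parse, formatted_result is the exception class name."""
    db = make_db()
    try:
        formatted = owner_formatted(db, name)
    except sqlite3.Error as exc:
        formatted = type(exc).__name__
    return formatted, owner_parameterized(db, name)
```

A legitimate value such as `O'Brien` is enough to break the formatted statement, while the parameterized query simply finds no matching row.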
Is the plugin still being maintained? I'd be happy to fix these issues if the plugin author approves. I'll proceed if there is no response in two weeks, per the AdoptingHacks policy.