[Typo3-dev] how to create an individual search-form in an extension
Christian Trabold
trabold at mehrwert.de
Thu Oct 27 17:21:43 CEST 2005
Hello Mischa,
> 3. Use the _POST-function for creating your needed WHERE-String, e.g.:
> <input type="text" name="search_cat" value=""> will be:
> t3lib_div::_POST('search_cat')
> So you can make 'AND WHERE uid = '.t3lib_div::_POST('search_cat')
Please avoid "AND WHERE uid = '.t3lib_div::_POST('search_cat')".
_Never_ use variables from outside your script without validating!
Example:
$cat = t3lib_div::_POST('search_cat');
// Cast to integer so the value can only ever be a number in the query
$cat = intval($cat);
... 'WHERE uid = ' . $cat ...
Regards,
Christian
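
The following is an added example, not part of the original mail or of TYPO3 itself. It goes one step beyond the intval() cast shown above: intval('abc') is 0 and intval('42abc') is 42, so it rejects anything that is not a plain positive integer instead of casting it. The function name buildCategoryWhere and the sample inputs are hypothetical; in an extension the raw value would come from t3lib_div::_POST('search_cat').

```php
<?php
// Added example. buildCategoryWhere() and $samples are hypothetical names.
// In a TYPO3 extension, $raw would be t3lib_div::_POST('search_cat').

/**
 * Return a WHERE fragment for the category uid, or '' when the submitted
 * value is not a positive integer.
 */
function buildCategoryWhere($raw)
{
    // Accept only a short string of decimal digits. Arrays, signs, spaces,
    // mixed text such as '42abc' and over-long numbers are all rejected.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return '';
    }
    $uid = intval($raw);
    if ($uid < 1) {
        return '';          // uid 0 is not a real record
    }
    // $uid is now a PHP integer, so the concatenation can only add digits.
    return ' AND uid = ' . $uid;
}

// Constructed sample inputs, as a search form might deliver them.
$samples = array('42', '', 'abc', '42abc', '0', array('42'), '7 OR 1=1');

foreach ($samples as $raw) {
    $shown  = is_array($raw) ? 'array' : "'" . $raw . "'";
    $cast   = intval($raw);                 // what a bare cast would use
    $strict = buildCategoryWhere($raw);     // what the strict check allows
    printf(
        "%-12s intval only: uid = %-3d strict: %s\n",
        $shown,
        $cast,
        $strict === '' ? '(rejected, no clause added)' : $strict
    );
}
```

When the function returns an empty string, the caller can either run the search without the category filter or show a form error, whichever suits the extension.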