[TYPO3-dev] CONTENT object and SQL injection prevention
Jigal van Hemert
jigal at xs4all.nl
Sun Mar 28 22:28:33 CEST 2010
Thanks for your reply!
Ernesto Baschny [cron IT] wrote:
> Jigal van Hemert wrote on 27.03.2010 16:03:
>> # :whatever is a named marker, see below for the value definition
> Sounds nice, yea! Maybe use the same "markers" syntax as we are used to:
> where = title > ###whatever###
No problem. Good idea to stick to a familiar syntax.
>> I'm not sure if there is a good way in the core to handle unknown
>> markers where some have only a value ['markername'], others have only
>> properties ['markername.'] and others have both.
>
> I think I have done that in the past too. Maybe you could do an
> array_keys(), and use array_map() to get a list of all properties
> (filtering the "." suffix) and then walk through a list of properties.
>
> Having that functionality in core would be nice, though. For example an
> Iterator object which could be used directly in a foreach.
array_map() is often rather slow, but that would be the problem for that
functionality.
I think I'll leave that for another RFC and mark it as a TODO in this
function.
--
Jigal van Hemert.
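
Added example, not part of the original message and not TYPO3 core code: one way to walk a marker configuration in which some markers have only a value ('name'), some only properties ('name.') and some both, and to turn the ###name### markers of a where clause into bound parameters instead of inlined values. The function names, the sample configuration and the use of an 'intval' property here are assumptions made for illustration.

```php
<?php
// Constructed configuration (names are assumptions): a marker may have only
// a value ('name'), only properties ('name.'), or both.
$markerConf = [
    'whatever' => "x' OR '1'='1",  // value only
    'page'     => '12abc',         // value and properties
    'page.'    => ['intval' => 1],
    'unused.'  => ['intval' => 1], // properties only
];

/** Group 'name' and 'name.' keys under one marker name. */
function collectMarkers(array $markerConf): array
{
    $markers = [];
    foreach ($markerConf as $key => $entry) {
        $key = (string)$key;
        $isProperties = substr($key, -1) === '.';
        $name = $isProperties ? substr($key, 0, -1) : $key;
        $markers[$name] = $markers[$name] ?? ['value' => null, 'properties' => []];
        $markers[$name][$isProperties ? 'properties' : 'value'] = $entry;
    }
    return $markers;
}

/** Replace ###name### markers with named placeholders and collect the bound values. */
function prepareWhere(string $where, array $markerConf): array
{
    $params = [];
    foreach (collectMarkers($markerConf) as $name => $marker) {
        $name = (string)$name;
        // Only plain identifiers that occur in the clause become placeholders.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)
            || strpos($where, "###{$name}###") === false) {
            continue;
        }
        $value = (string)$marker['value'];
        if (!empty($marker['properties']['intval'])) {
            $value = (int)$value; // hypothetical 'intval' property: force an integer
        }
        $where = str_replace("###{$name}###", ":{$name}", $where);
        $params[":{$name}"] = $value;
    }
    return [$where, $params];
}

[$sql, $params] = prepareWhere('title > ###whatever### AND pid = ###page###', $markerConf);
var_dump($sql, $params);
```

The returned clause and parameter array are in the form a prepared statement (for example PDO) accepts, so the marker values never become part of the SQL text.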