[TYPO3-dev] Strange escaping problem
Ulrich Lorenz PHZ Luzern
lorenz.ulrich at phz.ch
Wed May 12 14:00:28 CEST 2010
Hi Steffen
Thanks for your reply. The problem is that even if it's not CGL compliant yesterday everything was fine and after updating to T3BLOG 0.8.3 (where this particular query wasn't changed) it doesn't work anymore.
Some mechanism seems to be changing the SQL WHERE statement before executing from
' AND irre_parenttable=\'tx_t3blog_post\' '
to
' AND irre_parenttable=\\'tx_t3blog_post\\' '
Full class:
<http://typo3.org/extensions/repository/view/t3blog/current/info/pi1%252Fwidgets%252FblogList%252Fclass.listFunctions.php/>
Lorenz
> -----Ursprüngliche Nachricht-----
> Von: typo3-dev-bounces at lists.typo3.org [mailto:typo3-dev-
> bounces at lists.typo3.org] Im Auftrag von Steffen Kamper
> Gesendet: Mittwoch, 12. Mai 2010 12:57
> An: typo3-dev at lists.typo3.org
> Betreff: Re: [TYPO3-dev] Strange escaping problem
>
> Hi,
>
> ' AND irre_parenttable="tx_t3blog_post"' .
>
> If you compute the parts, use fullQuoteStr or quoteStr to be DBAL safe,
> never mask it manually.
>
> vg Steffen
> _______________________________________________
> TYPO3-dev mailing list
> TYPO3-dev at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-dev
More information about the TYPO3-dev
mailing list