[TYPO3] MySQL question

Dmitry Dulepov typo3 at accio.lv
Tue Sep 12 16:21:54 CEST 2006


Andreas Jonderko wrote:
> // here you can split the result just like this:
> $usergroups = split(",",$result['usergroup']);

Using single quotes will increase performance. Minimal but still...

> //        $updateArray = array('usergroup' => $usergroups);
> //$res=$GLOBALS['TYPO3_DB']->exec_UPDATEquery("fe_users","uid='$this->userID'",$updateArray); 

Argh, insecure code :) There is a quoteStr and fullQuoteStr for quoting 
parameters properly.

Dmitry Dulepov

"It is our choices, that show what we truly are,
far more than our abilities." (A.P.W.B.D.)
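
The quoting advice above, as an added example that is not part of the original message or of TYPO3 itself. `DemoDb` is a hypothetical stand-in for `$GLOBALS['TYPO3_DB']` so the script runs outside TYPO3, its use of `addslashes()` in place of the database driver's escaping is an assumption made for offline use, and the `$userID` value is constructed.

```php
<?php
// Hypothetical stand-in for $GLOBALS['TYPO3_DB'] (assumption, not TYPO3 code).
// Inside TYPO3, call the same-named methods on $GLOBALS['TYPO3_DB'] instead.
class DemoDb {
    // Escapes a value for use inside quotes; addslashes() is an offline substitute.
    public function quoteStr($str, $table) {
        return addslashes($str);
    }

    // Escapes the value and wraps it in single quotes.
    public function fullQuoteStr($str, $table) {
        return "'" . $this->quoteStr($str, $table) . "'";
    }

    // Returns the UPDATE statement instead of executing it. Field values are
    // quoted here; the WHERE clause is used exactly as the caller built it.
    public function UPDATEquery($table, $where, array $fields) {
        $set = array();
        foreach ($fields as $name => $value) {
            $set[] = $name . '=' . $this->fullQuoteStr($value, $table);
        }
        return 'UPDATE ' . $table . ' SET ' . implode(',', $set) . ' WHERE ' . $where;
    }
}

$db = new DemoDb();
$userID = "0' OR '1'='1";              // constructed value containing quotes
$fields = array('usergroup' => '1,2'); // constructed field value

// As in the quoted code: the value is interpolated straight into the WHERE clause,
// so the quotes inside it end the string literal and change the condition.
$unsafe = $db->UPDATEquery('fe_users', "uid='$userID'", $fields);

// With fullQuoteStr(): the value stays a single string literal.
$quoted = $db->UPDATEquery(
    'fe_users',
    'uid=' . $db->fullQuoteStr($userID, 'fe_users'),
    $fields
);

// For a numeric column such as uid, casting to integer is an alternative.
$casted = $db->UPDATEquery('fe_users', 'uid=' . intval($userID), $fields);

echo "interpolated: $unsafe\n";
echo "fullQuoteStr: $quoted\n";
echo "intval:       $casted\n";
```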
