[TYPO3-english] Render Content from php
Georg Ringer
typo3 at ringerge.org
Thu Nov 22 07:38:36 CET 2012
Hi,
Am 21.11.2012 16:52, schrieb Pablo Feldman:
> 5 = CONTENT
> 5 {
> table = tt_content
> select {
> selectFields = bodytext,CType,pi_flexform,list_type
> pidInList = 2
> andWhere.cObject = COA
> andWhere.cObject {
> 10 = TEXT
> 10.dataWrap = sys_language_uid = {GP:L}
> }
be aware that you got a security risk here as you don't escape the user
data and therefore you got a sql injection.
Please use 10.intval = 1 !
georg
More information about the TYPO3-english
mailing list