[TYPO3-english] Re: how to: properly escape strings in 4.5.30?
Calgacus map Brude
calgach at gmail.com
Thu Nov 21 22:10:21 CET 2013
Hi Xavier,
Thanks for responding.
When I change my code like so :
/**
* action admin
*
* @return void
*/
public function adminAction() {
$postsvars = t3lib_div::_POST();
$prizes = $postsvars['tx_bingoprizes_bingofrontend']['prize'];
foreach ($prizes as $key => $prize) {
foreach ($prize as $field => $value) {
//echo "Magic quotes is " . (get_magic_quotes_gpc() ? "ON" : "OFF");
// echo strip_tags($value) ;die;
$cleanedValues[$field] = $GLOBALS['TYPO3_DB']->quoteStr(strip_tags($value));// strip_tags($value);// mysql_real_escape_string(strip_tags($value));
}
......................
I get this error:
Uncaught TYPO3 Exception
#1310027933: DBAL fatal error: No handler found in handler_getFromTableList() for: "" (SQL engine parse ERROR: No table name found as expected in parseFromTables()!: near " ")
RuntimeException thrown in file
/home/typo3_src/typo3_src-4.5.30/typo3/sysext/dbal/class.ux_t3lib_db.php in line 3076.
when execution hits the line with the call to $GLOBALS['TYPO3_DB']->quoteStr()
Are those DBAL methods still the way to go in v 4.5.30?
More information about the TYPO3-english
mailing list