[TYPO3-dev] Joining table with Typo3 ?
Bernhard Kraft
kraftb at kraftb.at
Fri Dec 30 16:29:40 CET 2005
Arne Skjaerholt wrote:
> Have another look at the code. He's not interpolating the variable
> directly into the text, he's using sprintf(). So if the data doesn't fit
> the %d specifier (that is, can't be converted into an integer), you'll
> get a run-time exception or something along those lines (I can't
> remember the exact error in PHP). Perhaps not an ideal solution, but not
> a security risk (at least, not unless PHP has a boneheaded
> implementation of sprintf() =).
Yup. You are right.
Sorry for the flames :)
I never use sprintf -- at least not in php. sprintf feels like C :)
greets,
Bernhard
More information about the TYPO3-dev
mailing list