[TYPO3-shop] createUser = 1 creates fe_user entry with quotes around values in DB

Paul Hansen paul at ecopixel.com
Fri Jul 7 15:11:37 CEST 2006


Jochen Rieger wrote:

> for me it is working perfectly using it just without the fullQuoteStr() 
> function. Although I have to admit that at this point I haven't checked 
> it for security concerning SQL injections.
> 
> But maybe exec_SELECTquery does all the work already!?

It's exec_INSERTquery() that does the auto-quoting for values. The 
fullQuoteStr()'s in class.tx_ttproducts_order.php that prepare values 
for exec_INSERTquery are all apparently extra.

Take care,
Paul
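
The double quoting described in this message, as an added example that is not part of the original post and is not TYPO3 or tt_products code: `full_quote_str` and `exec_insert_query` are hypothetical Python stand-ins for fullQuoteStr() and exec_INSERTquery(), run against an in-memory SQLite table with constructed sample usernames. It assumes, as the message states, that the insert helper quotes every value itself, and it uses SQLite-style quote doubling in place of TYPO3's MySQL escaping.

```python
import sqlite3

def full_quote_str(value):
    """Stand-in for fullQuoteStr(): escape the value and wrap it in quotes."""
    return "'" + str(value).replace("'", "''") + "'"

def exec_insert_query(db, table, fields_values):
    """Stand-in for exec_INSERTquery(): quotes every value on its own."""
    cols = ", ".join(fields_values)
    vals = ", ".join(full_quote_str(v) for v in fields_values.values())
    db.execute(f"INSERT INTO {table} ({cols}) VALUES ({vals})")

def stored_usernames(usernames, prequote):
    """Insert each name, optionally quoting it first, and read back what is stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fe_users (uid INTEGER PRIMARY KEY, username TEXT)")
    for name in usernames:
        # prequote=True mirrors the extra manual call before the insert helper
        value = full_quote_str(name) if prequote else name
        exec_insert_query(db, "fe_users", {"username": value})
    rows = [r[0] for r in db.execute("SELECT username FROM fe_users ORDER BY uid")]
    db.close()
    return rows

# Constructed sample input, including values that contain quote characters.
SAMPLE = ["jrieger", "o'brien", "x'); DROP TABLE fe_users; --"]

if __name__ == "__main__":
    for label, prequote in (("quoted twice", True), ("quoted once", False)):
        print(label)
        for original, stored in zip(SAMPLE, stored_usernames(SAMPLE, prequote)):
            print(f"  {original!r} -> stored as {stored!r}")
```

With the extra call, every stored value carries literal quote characters; without it, the values round-trip unchanged and the quote-bearing inputs are still stored as plain data.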


