[TYPO3-core] RFC: #11438: Add a registry to t3lib
Oliver Hader
oliver at typo3.org
Sun Aug 9 16:51:39 CEST 2009
Hi Xavier,
Xavier Perseguers schrieb:
> Hi Ingo,
>
> + $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
> + 'sys_registry',
> + 'entry_key = \'' . $key . '\'',
> + array('entry_value' => $serializedValue)
> + );
>
> and
>
> + public function remove($key) {
> + $GLOBALS['TYPO3_DB']->exec_DELETEquery(
> + 'sys_registry',
> + 'entry_key = \'' . $key . '\''
> + );
> +
> + unset($this->entries[$key]);
> + }
>
> Why do you do your own quoting? There's an official method that should
> be used every time, even if you are sure that your quoting system will
> be OK.
Oh yeah! If a developer writes something like this in his extension
| $registry->set('currentState', t3lib_div::_GP('currentState'));
the database could be very "open minded"...
Using proper escaping and quoting should be essential here.
> Other point, I was asked recently (for Extbase) to change false to FALSE
> and true to TRUE. I don't remember the point in CGL. Just to mention
> when it is not correct according to them.
It's not in the CGL - thus, no need to discuss it further here...
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
More information about the TYPO3-team-core
mailing list