[TYPO3-core] RFC: #11438: Add a registry to t3lib

Oliver Hader oliver at typo3.org
Sun Aug 9 16:51:39 CEST 2009


Hi Xavier,

Xavier Perseguers schrieb:
> Hi Ingo,
> 
> +        $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
> +            'sys_registry',
> +            'entry_key = \'' . $key . '\'',
> +            array('entry_value' => $serializedValue)
> +        );
> 
> and
> 
> +    public function remove($key) {
> +        $GLOBALS['TYPO3_DB']->exec_DELETEquery(
> +            'sys_registry',
> +            'entry_key = \'' . $key . '\''
> +        );
> +
> +        unset($this->entries[$key]);
> +    }
> 
> Why do you do your own quoting? There's an official method that should
> be used every time, even if you are sure that your quoting system will
> be OK.

Oh yeah! If a developer writes something like this in his extension
| $registry->set('currentState', t3lib_div::_GP('currentState'));
the database could be very "open minded"...

Using proper escaping and quoting should be essential here.

> Other point, I was asked recently (for Extbase) to change false to FALSE
> and true to TRUE. I don't remember the point in CGL. Just to mention
> when it is not correct according to them.

It's not in the CGL - thus, no need to discuss it further here...

olly
-- 
Oliver Hader
TYPO3 Release Manager 4.3


More information about the TYPO3-team-core mailing list