[TYPO3-core] RFC: #11438: Add a registry to t3lib

Oliver Hader oliver at typo3.org
Sun Aug 9 16:53:32 CEST 2009


Hi again,

Oliver Hader wrote:
> Hi Xavier,
> 
> Xavier Perseguers wrote:
>> Hi Ingo,
>>
>> +        $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
>> +            'sys_registry',
>> +            'entry_key = \'' . $key . '\'',
>> +            array('entry_value' => $serializedValue)
>> +        );
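Review bot: The WHERE argument 'entry_key = \'' . $key . '\'' wraps $key in hand-written quotes without escaping it, so a key containing a single quote ends the string literal early and changes which rows the UPDATE matches. Build the condition with the database layer's own quoting, for example 'entry_key = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr($key, 'sys_registry'), and consider validating the key format before it reaches the query.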
>>
>> and
>>
>> +    public function remove($key) {
>> +        $GLOBALS['TYPO3_DB']->exec_DELETEquery(
>> +            'sys_registry',
>> +            'entry_key = \'' . $key . '\''
>> +        );
>> +
>> +        unset($this->entries[$key]);
>> +    }
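Review bot: remove() builds its DELETE condition with the same unescaped concatenation, 'entry_key = \'' . $key . '\'', and for a DELETE a key that breaks out of the literal widens the statement beyond the single intended entry. Quote the key with $GLOBALS['TYPO3_DB']->fullQuoteStr($key, 'sys_registry') here as well. No doc comment for the new public method is visible in the quoted lines; one stating the expected form of $key would help extension authors.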
>>
>> Why do you do your own quoting? There's an official method that should
>> be used every time, even if you are sure that your quoting system will
>> be OK.
> 
> Oh yeah! If a developer writes something like this in his extension
> | $registry->set('currentState', t3lib_div::_GP('currentState'));
> the database could be very "open minded"...
> 
> Using proper escaping and quoting should be essential here.

Argh, wrong example... It's about the key not the value. However, we
never know how that key is set from an extension...

olly
-- 
Oliver Hader
TYPO3 Release Manager 4.3