[TYPO3-core] RFC #15457: Add support for prepared queries

Xavier Perseguers typo3 at perseguers.ch
Tue Aug 17 07:12:56 CEST 2010


Hi Helmut,

> Only one comment and one question:
>
> I'm not too comfortable with the is_numeric() checks, because what
> really is meant is what t3lib_div::testInt() delivers; a check for
> integer. But is_numeric('1.234') also evaluates to true. The least thing
> I would do is add an intval() in replaceValuesInQuery() when type is
> PARAM_INT. But why not enforce the use of the correct integer type and
> check it with is_int()? Any downsides?

Well, actually what we need is a PARAM_FLOAT too, which is not available
in PDO (where I took the idea from to start with). Do you see any downside
to having either both PARAM_INT and PARAM_FLOAT or a PARAM_NUMERIC which
handles both? Because in PDO you have to rely on PARAM_STR, which I'd
prefer not to.

> Besides that, +1 by reading, testing will follow.
>
> Now that we will have prepare_SELECTquery(), are there plans for
> prepare_INSERTquery() etc. ? :)

Not at the moment. But why not. It is not really a big challenge to
support INSERT and UPDATE too, now that the base concept is there.

Xavier
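
The type-checking question discussed in this message, as an added example that is not part of the original e-mail or of the TYPO3 patch: it prints how is_numeric(), is_int() and intval() treat a few constructed values, next to a strict per-type check. The function name numericLiteral() and the constant values are hypothetical; PARAM_INT and PARAM_FLOAT are only the names used in the thread.

```php
<?php
// Added illustration. Constant values and numericLiteral() are hypothetical,
// not taken from the patch under discussion.
const PARAM_INT = 1;
const PARAM_FLOAT = 2; // the extra type proposed in the reply

/**
 * Return a literal for a numeric query parameter, or throw when the value
 * does not match the declared type (instead of silently coercing it).
 */
function numericLiteral($value, int $type): string
{
    if (is_bool($value)) {
        // filter_var() would turn true into "1"; reject booleans up front.
        throw new InvalidArgumentException('boolean is not a number');
    }
    if ($type === PARAM_INT) {
        // Accepts integers and integer strings; rejects '1.234' and '42abc'.
        $int = filter_var($value, FILTER_VALIDATE_INT);
        if ($int === false) {
            throw new InvalidArgumentException('not an integer: ' . var_export($value, true));
        }
        return (string)$int;
    }
    if ($type === PARAM_FLOAT) {
        $float = filter_var($value, FILTER_VALIDATE_FLOAT);
        if ($float === false || !is_finite($float)) {
            throw new InvalidArgumentException('not a float: ' . var_export($value, true));
        }
        // var_export() does not depend on the locale's decimal separator.
        return var_export($float, true);
    }
    throw new InvalidArgumentException('unsupported parameter type');
}

// Constructed sample values, including the '1.234' case from the thread.
foreach ([42, '42', '1.234', '1e3', '42abc', true] as $sample) {
    try {
        $strict = numericLiteral($sample, PARAM_INT);
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf(
        "%-8s is_numeric=%-5s is_int=%-5s intval=%-5d strict PARAM_INT=%s\n",
        var_export($sample, true), var_export(is_numeric($sample), true),
        var_export(is_int($sample), true), intval($sample), $strict
    );
}
```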

