[TYPO3-core] RFC: Bug #13508: Use exec_TRUNCATETABLEquery() instead of DELETE FROM throughout the core

Thu Feb 11 08:28:55 CET 2010

Hi!

On 2010-02-11 03:31:26 +0200, Christian Kuhn said:
> Solution:
> Use this new API method core wide where DELETE FROM with an empty WHERE
> is called.

-1 because it adds MySQL–specific naming and unnecessary complexity. A 
different approach is better: keep DELETEquery but check WHERE 
statement. If it is empty or 1=1, use TRUNCATE. No need for a new 
method, no need for API change, no confusion for programmers, no need 
for programmers to make call decisions in their code. API must hide 
complexity, not add it!

I use this in my installation for a long time already in order to 
improve performance. Here is a version for DELETEquery from my servers 
(not my exact code because I have more extras there but gives an idea):

================================
function DELETEquery($table,$where)     {
        if (is_string($where))  {

                // Table and fieldnames should be "SQL-injection-safe" 
when supplied to this function
                $where = trim($where);
                if ($where == '' || $where == '1=1') {
                        $query = 'TRUNCATE ' . $table;
                }
                else {
                        $query = 'DELETE FROM '.$table.
                                ' WHERE '.$where;
                }

                if ($this->debugOutput || $this->store_lastBuiltQuery) 
$this->debug_lastBuiltQuery = $query;
                return $query;
        } else {
                die('<strong>TYPO3 Fatal Error:</strong> "Where" clause 
argument for DELETE query was not a string in $this->DELETEquery() !');
        }
}
================================

I use this for more than a year. It is heavily tested in several live 
environments :)

-- 
Dmitry Dulepov
TYPO3 expert / TYPO3 core team member / TYPO3 security team member 
Read more @ http://dmitry-dulepov.com/