Bug #17940 » class.t3lib_db-wrong-sql.diff
| t3lib/class.t3lib_db.php (copie de travail) | ||
|---|---|---|
|
// Table and fieldnames should be "SQL-injection-safe" when supplied to this function (contrary to values in the arrays which may be insecure).
|
||
|
if (is_string($where)) {
|
||
|
if (is_array($fields_values) && count($fields_values)) {
|
||
|
// quote and escape values
|
||
|
$nArr = $this->fullQuoteArray($fields_values,$table,$no_quote_fields);
|
||
|
// quote and escape values
|
||
|
$nArr = $this->fullQuoteArray($fields_values,$table,$no_quote_fields);
|
||
|
$fields = array();
|
||
|
foreach ($nArr as $k => $v) {
|
||
|
$fields[] = $k.'='.$v;
|
||
|
}
|
||
|
$fields = array();
|
||
|
foreach ($nArr as $k => $v) {
|
||
|
$fields[] = $k.'='.$v;
|
||
|
}
|
||
|
// Build query:
|
||
|
$query = 'UPDATE '.$table.'
|
||
|
SET
|
||
|
'.implode(',
|
||
|
',$fields).
|
||
|
(strlen($where)>0 ? '
|
||
|
WHERE
|
||
|
'.$where : '');
|
||
|
// Build query:
|
||
|
$query = 'UPDATE '.$table.'
|
||
|
SET
|
||
|
'.implode(',
|
||
|
',$fields).
|
||
|
(strlen($where)>0 ? '
|
||
|
WHERE
|
||
|
'.$where : '');
|
||
|
// Return query:
|
||
|
if ($this->debugOutput || $this->store_lastBuiltQuery) $this->debug_lastBuiltQuery = $query;
|
||
|
return $query;
|
||
|
// Return query:
|
||
|
if ($this->debugOutput || $this->store_lastBuiltQuery) $this->debug_lastBuiltQuery = $query;
|
||
|
if (is_array($fields_values) && !count($fields_values)) {
|
||
|
$query = '';
|
||
|
}
|
||
|
} else {
|
||
|
die('<strong>TYPO3 Fatal Error:</strong> "Where" clause argument for UPDATE query was not a string in $this->UPDATEquery() !');
|
||
|
}
|
||
|
return $query;
|
||
|
}
|
||
|
/**
|
||