Bug #17940 » rfc7015_updated.diff
| t3lib/class.t3lib_db.php (Arbeitskopie) | ||
|---|---|---|
|
// Table and fieldnames should be "SQL-injection-safe" when supplied to this
|
||
|
// function (contrary to values in the arrays which may be insecure).
|
||
|
if (is_string($where)) {
|
||
|
$fields = array();
|
||
|
if (is_array($fields_values) && count($fields_values)) {
|
||
|
// quote and escape values
|
||
|
$nArr = $this->fullQuoteArray($fields_values, $table, $no_quote_fields);
|
||
|
$fields = array();
|
||
|
foreach ($nArr as $k => $v) {
|
||
|
$fields[] = $k.'='.$v;
|
||
|
}
|
||
|
}
|
||
|
if(count($fields)) {
|
||
|
// Build query:
|
||
|
$query = 'UPDATE ' . $table . ' SET ' . implode(',', $fields) .
|
||
|
(strlen($where) > 0 ? ' WHERE ' . $where : '');
|
||
|
// Return query:
|
||
|
if ($this->debugOutput || $this->store_lastBuiltQuery) {
|
||
|
$this->debug_lastBuiltQuery = $query;
|
||
|
}
|
||
|
return $query;
|
||
|
} else {
|
||
|
$query = FALSE;
|
||
|
}
|
||
|
// Return query:
|
||
|
if ($this->debugOutput || $this->store_lastBuiltQuery) {
|
||
|
$this->debug_lastBuiltQuery = $query;
|
||
|
}
|
||
|
|
||
|
return $query;
|
||
|
} else {
|
||
|
throw new InvalidArgumentException(
|
||
|
'TYPO3 Fatal Error: "Where" clause argument for UPDATE query was not a string in $this->UPDATEquery() !',
|
||