Actions
Bug #15460
closed
Error in changed method UPDATEquery, class t3lib_DB
Start date:
2006-01-20
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.0
PHP Version:
4
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
The implementation of the new method fullQuoteArray has caused an error in method UPDATEquery, class t3lib_DB. The created update-query is incorrect because all fieldnames of updated values are missing:
In the following code I've inserted a marked line that fixes that error temporary.
function UPDATEquery($table,$where,$fields_values,$no_quote_fields='') {// Table and fieldnames should be "SQL-injection-safe" when supplied to this function (contrary to values in the arrays which may be insecure).
if (is_string($where)) {
if (is_array($fields_values) && count($fields_values)) {// quote and escape values
$nArr = $this->fullQuoteArray($fields_values,$table,$no_quote_fields);
// CHANGED: Insert keys (fieldnames) intro $nArr
foreach ($nArr as $k => $v)
$nArr[$k] = $k.'='.$v;// Build query:
$query = 'UPDATE '.$table.'
SET
'.implode(',
',$nArr).
(strlen($where)>0 ? '
WHERE
'.$where : '');// Return query:
if ($this->debugOutput || $this->store_lastBuiltQuery) $this->debug_lastBuiltQuery = $query;
return $query;
}
} else {
die('<strong>TYPO3 Fatal Error:</strong> "Where" clause argument for UPDATE query was not a string in $this->UPDATEquery() !');
}
}(issue imported from #M2326)
Updated by Karsten Dambekalns almost 19 years ago
This has been fixed before release of beta 2, i.e. yesterday, by Sebastian. This bug report was too late. :)
Actions