Commit c5e1078a authored by Torben Hansen's avatar Torben Hansen Committed by Christian Kuhn
Browse files

[TASK] Remove wrong doc comments in \TYPO3\CMS\Core\Database\Connection

The doc comments for some functions in `\TYPO3\CMS\Core\Database\Connection`
state, that table expressions and columns are not escaped. This is actually
not true and it seems those doc comments have been adopted directly from
`doctrine/dbal` back in 2016, when Doctrine DBAL was introduced to TYPO3.

Resolves: #98318
Releases: main, 11.5, 10.4
Change-Id: If23d568b23ef1b3c6f40efd50e907af54c349b3d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75650


Reviewed-by: Oliver Klee's avatarOliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 65580b5a
......@@ -203,7 +203,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Inserts a table row with specified data.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression and columns are not escaped and are not safe for user-input.
*
* @param string $tableName The name of the table to insert data into.
* @param array $data An associative array containing column-value pairs.
......@@ -224,7 +223,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Bulk inserts table rows with specified data.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression and columns are not escaped and are not safe for user-input.
*
* @param string $tableName The name of the table to insert data into.
* @param array $data An array containing associative arrays of column-value pairs or just the values to be inserted.
......@@ -247,7 +245,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Executes an SQL SELECT statement on a table.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression and columns are not escaped and are not safe for user-input.
*
* @param string[] $columns The columns of the table which to select.
* @param string $tableName The name of the table on which to select.
......@@ -296,7 +293,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Executes an SQL UPDATE statement on a table.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression and columns are not escaped and are not safe for user-input.
*
* @param string $tableName The name of the table to update.
* @param array $data An associative array containing column-value pairs.
......@@ -319,7 +315,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Executes an SQL DELETE statement on a table.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression and columns are not escaped and are not safe for user-input.
*
* @param string $tableName The name of the table on which to delete.
* @param array $identifier The deletion criteria. An associative array containing column-value pairs.
......@@ -340,7 +335,6 @@ class Connection extends \Doctrine\DBAL\Connection implements LoggerAwareInterfa
* Executes an SQL TRUNCATE statement on a table.
*
* All SQL identifiers are expected to be unquoted and will be quoted when building the query.
* Table expression is not escaped and not safe for user-input.
*
* @param string $tableName The name of the table to truncate.
* @param bool $cascade Not supported on many platforms but would cascade the truncate by following foreign keys.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment