Christophe PROME wrote:
$titre_page = $title->getText(); $titre_page = str_replace(" ","_", $titre_page);
[snip]
// --- 1ère requête : id de la page --- // $res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE
page_title="$titre_page";");
This is an SQL injection vulnerability; unescaped user-provided text in the query.
Note that you could save yourself some trouble here by just calling $title->getArticleId(). :)
// ---- 2ème requête : nom de l'utilisateur ---/ $res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE
rev_page = "$id_page" LIMIT 1;");
You should use "ORDER BY rev_timestamp LIMIT 1" to ensure that the proper index sort is used.
-- brion vibber (brion @ pobox.com)