Christophe PROME wrote:
$titre_page = $title->getText();
$titre_page = str_replace(" ","_", $titre_page);
[snip]
// --- 1st query: page id --- //
$res1 = $dbw->query("SELECT page_id FROM $table_1 WHERE page_title=\"$titre_page\";");
This is an SQL injection vulnerability; unescaped user-provided text in the query.
Note that you could save yourself some trouble here by just calling
$title->getArticleId(). :)
// ---- 2nd query: user name ---- //
$res2 = $dbw->query("SELECT rev_user_text FROM $table_2 WHERE rev_page = \"$id_page\" LIMIT 1;");
You should use "ORDER BY rev_timestamp LIMIT 1" to ensure that the proper index
sort is used.
-- brion vibber (brion @ pobox.com)
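
The two points raised in this reply, as an added example that is not part of the original message or of MediaWiki's code: the concatenated query beside a bound-parameter one, and a LIMIT 1 lookup with an explicit ORDER BY. It assumes PDO with an in-memory SQLite database as a stand-in for the $dbw wrapper; the function names, the simplified table layout and the rows are constructed for illustration.

```php
<?php
// Constructed sample data; PDO/SQLite stands in for MediaWiki's $dbw (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE page (page_id INTEGER PRIMARY KEY, page_title TEXT)");
$db->exec("CREATE TABLE revision (rev_page INTEGER, rev_user_text TEXT, rev_timestamp TEXT)");
$db->exec("INSERT INTO page VALUES (1, 'Main_Page'), (2, 'Private_notes')");
// The later revision is inserted first, so insertion order is not time order.
$db->exec("INSERT INTO revision VALUES
    (1, 'Bob',   '20060102000000'),
    (1, 'Alice', '20060101000000')");

// Pattern from the quoted code: the title is pasted into the SQL text, so a
// quote character in the title ends the string literal and the rest of the
// title is parsed as SQL. (The quoted code uses MySQL-style double quotes.)
function pageIdConcatenated(PDO $db, string $title): array {
    $sql = "SELECT page_id FROM page WHERE page_title='$title'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected form: the title travels as a bound parameter and is only ever
// compared as data, whatever characters it contains.
function pageIdBound(PDO $db, string $title): array {
    $stmt = $db->prepare("SELECT page_id FROM page WHERE page_title = :title");
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Explicit ORDER BY makes "LIMIT 1" pick a defined row (the earliest
// revision) instead of whichever row the engine happens to return first.
function firstAuthor(PDO $db, int $pageId) {
    $stmt = $db->prepare("SELECT rev_user_text FROM revision
        WHERE rev_page = :id ORDER BY rev_timestamp LIMIT 1");
    $stmt->execute([':id' => $pageId]);
    return $stmt->fetchColumn();
}

// Constructed title containing a quote character.
$title = "x' OR '1'='1";
var_dump(pageIdConcatenated($db, $title)); // WHERE clause is altered by the title
var_dump(pageIdBound($db, $title));        // title is matched literally
var_dump(firstAuthor($db, 1));             // earliest revision by timestamp
```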