[BUGFIX] Use named parameters in Extbase IN() queries
[Packages/TYPO3.CMS.git] / typo3 / sysext / extbase / Classes / Persistence / Generic / Storage / Typo3DbQueryParser.php
index f5d538e..575a412 100644 (file)
@@ -399,7 +399,8 @@ class Typo3DbQueryParser
                     $plainValue = $this->dataMapper->getPlainValue($singleValue);
                     if ($plainValue !== null) {
                         $hasValue = true;
-                        $plainValues[] = $plainValue;
+                        $parameterType = ctype_digit((string)$plainValue) ? \PDO::PARAM_INT : \PDO::PARAM_STR;
+                        $plainValues[] = $this->queryBuilder->createNamedParameter($plainValue, $parameterType);
                     }
                 }
                 if (!$hasValue) {