[BUGFIX] Fix SQL syntax 75/18475/3
authorMichael Stucki <michael.stucki@typo3.org>
Tue, 26 Feb 2013 00:19:02 +0000 (01:19 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 7 Mar 2013 23:36:41 +0000 (00:36 +0100)
Use single quotes to retain compatibility with PostgreSQL.

Change-Id: If3b900d08330bb96ce37fcbefcd110ccfd9b24b5
Resolves: #45826
Releases: 6.1, 6.0
Reviewed-on: https://review.typo3.org/18475
Reviewed-by: Felix Kopp
Reviewed-by: Rico Sonntag
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Xavier Perseguers
Tested-by: Xavier Perseguers
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/sysext/core/Classes/Resource/FileRepository.php

index 623fa84..9407674 100644 (file)
@@ -151,10 +151,10 @@ class FileRepository extends AbstractRepository {
                $rows = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
                        '*',
                        $this->table,
-                       sprintf('storage=%u AND identifier LIKE "%s" AND NOT identifier LIKE "%s"',
+                       sprintf('storage=%u AND identifier LIKE %s AND NOT identifier LIKE %s',
                                        $storage,
-                                       $GLOBALS['TYPO3_DB']->escapeStrForLike($identifier, $this->table) . '%',
-                                       $GLOBALS['TYPO3_DB']->escapeStrForLike($identifier, $this->table) . '%/%'
+                                       $GLOBALS['TYPO3_DB']->fullQuoteStr($GLOBALS['TYPO3_DB']->escapeStrForLike($identifier, $this->table) . '%', $this->table),
+                                       $GLOBALS['TYPO3_DB']->fullQuoteStr($GLOBALS['TYPO3_DB']->escapeStrForLike($identifier, $this->table) . '%/%', $this->table)
                        ),
                        '',
                        '',