[TASK] Follow-up: Use prepared statements in generic persistence 42/28442/3
authorMarc Bastian Heinrichs <typo3@mbh-software.de>
Sun, 16 Mar 2014 13:57:21 +0000 (14:57 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Mon, 17 Mar 2014 21:49:53 +0000 (22:49 +0100)
Fixes using $query->statement() without parameters.

Resolves: #56915
Resolves: #55360
Releases: 6.2
Change-Id: Ia149313f5f9f719d7dba0a21a3eb39ea4f5052e8
Reviewed-on: https://review.typo3.org/28442
Reviewed-by: Markus Klein
Reviewed-by: Dennis J
Tested-by: Dennis J
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbBackend.php

index cebf3cd..2c5c39f 100644 (file)
@@ -402,12 +402,12 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                        $preparedStatement->free();
                } else {
 
+                       $sqlString = $statement->getStatement();
                        /**
                         * @deprecated since 6.2, this block will be removed in two versions
                         * the deprecation log is in Qom\Statement
                         */
                        if (!empty($parameters)) {
-                               $sqlString = $statement->getStatement();
                                $this->replacePlaceholders($sqlString, $parameters);
                        }