[BUGFIX] Use named parameters in Extbase IN() queries 92/52392/2
authorMorton Jonuschat <m.jonuschat@mojocode.de>
Sat, 8 Apr 2017 04:43:21 +0000 (21:43 -0700)
committerWouter Wolters <typo3@wouterwolters.nl>
Tue, 11 Apr 2017 12:23:01 +0000 (14:23 +0200)
Try to infer the parameter type from the value and create a named
parameter per value passed to the IN() comparison.

Change-Id: Ifc9761d077154fe4f6cbf580519b1d65dc8912c1
Releases: master
Resolves: #80744
Reviewed-on: https://review.typo3.org/52392
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Thomas Hohn <thomas@hohn.dk>
Reviewed-by: Luis García
Tested-by: Luis García
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbQueryParser.php

index f5d538e..575a412 100644 (file)
@@ -399,7 +399,8 @@ class Typo3DbQueryParser
                     $plainValue = $this->dataMapper->getPlainValue($singleValue);
                     if ($plainValue !== null) {
                         $hasValue = true;
-                        $plainValues[] = $plainValue;
+                        $parameterType = ctype_digit((string)$plainValue) ? \PDO::PARAM_INT : \PDO::PARAM_STR;
+                        $plainValues[] = $this->queryBuilder->createNamedParameter($plainValue, $parameterType);
                     }
                 }
                 if (!$hasValue) {