[Typo3-dev] quoting for SQL-like
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Mon Apr 11 22:05:17 CEST 2005
Hi!
t3lib_db->listQuery and searchQuery use quoteStr to build the query,
which is fine. But what's missing is the quoting for the like operators
% and _.
This has to be done within these functions as the call to quoteStr would
add too many backslashes when the input strings are like-escaped.
escape for like: % => \%
quote: \% => \\% - MUST NOT HAPPEN
Masi
More information about the TYPO3-dev
mailing list