[TYPO3-english] Typoscript
Jigal van Hemert
jigal.van.hemert at typo3.org
Mon Dec 22 22:04:29 CET 2014
Hi,
On 22/12/2014 21:06, Richard Davies wrote:
> Hi Siva,
>
> Drop the where and have
>
> lib.products.select.andWhere {
>> cObject = TEXT
>> cObject {
>> data = GP:sid
>> wrap = sid like "|"
>> }
>> }
>>
>
> I'm not sure whether this method is very safe. It probably isn't meant to
> be used this way so there's a possibility it is open to exploitation.
This is indeed the unsafe way; DON'T USE THIS! Since TYPO3 4.3 we have a
safe option:
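
lib.products = CONTENT
lib.products {
  table = TABLE
  select {
    selectFields = name
    pidInList = 26506
    orderBy = name
    # The marker is replaced by the escaped (and, for strings, quoted) value
    where = sid like ###GPSID###
    markers {
      # GET/POST parameter names are case-sensitive; "sid" as in the quoted snippet
      GPSID.data = GP:sid
    }
  }
  renderObj = COA
  renderObj {
    10 = COA
    10 {
      10 = TEXT
      10.dataWrap = {field:name}[\n]
    }
  }
}
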
Items in the 'markers' section will be automatically escaped and quoted
if necessary (strings are quoted, numbers are not). For other options,
see documentation:
[1] http://docs.typo3.org/typo3cms/TyposcriptReference/Functions/Select/Index.html
--
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
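
Added example (not part of the original message and not TYPO3 code): a small Python model of the two approaches in the message, run against an in-memory SQLite table, showing how a pasted request value changes the WHERE clause while an escaped and quoted marker value stays a literal. The helper names, the sample table and the SQLite escaping rule are assumptions made for this illustration.

```python
import re
import sqlite3

def wrap(value, template):
    # Model of TypoScript wrap: the value is pasted at the "|" with no escaping.
    before, _, after = template.partition("|")
    return before + value + after

def substitute_markers(where, markers):
    # Simplified model of select.markers: integers go in bare, everything
    # else is escaped (SQLite rule: double the single quote) and quoted.
    for name, value in markers.items():
        if re.fullmatch(r"-?\d+", value):
            literal = value
        else:
            literal = "'" + value.replace("'", "''") + "'"
        where = where.replace("###" + name + "###", literal)
    return where

def run(where):
    # Constructed sample table standing in for the products table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, sid TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("Widget", "A1"), ("Gadget", "B2")])
    rows = db.execute("SELECT name FROM products WHERE " + where + " ORDER BY name")
    return [r[0] for r in rows]

# The message's wrap uses double quotes (MySQL); single quotes are used for SQLite.
UNSAFE_TEMPLATE = "sid like '|'"
SAFE_WHERE = "sid like ###GPSID###"

def unsafe_where(sid):
    return wrap(sid, UNSAFE_TEMPLATE)

def safe_where(sid):
    return substitute_markers(SAFE_WHERE, {"GPSID": sid})

if __name__ == "__main__":
    for sid in ["A1", "x' OR '1'='1"]:  # constructed request values
        print(repr(sid))
        print("  wrap:   ", unsafe_where(sid), "->", run(unsafe_where(sid)))
        print("  markers:", safe_where(sid), "->", run(safe_where(sid)))
```
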