[TYPO3-mvc] Transition Guide for Persistance Rewrite
Bastian Waidelich
bastian at typo3.org
Tue Aug 4 10:29:10 CEST 2009
Jochen Rau wrote:
Hi Jochen,
> I'd like to change this to
>
> $query->statement('SELECT * FROM tx_blogexample_domain_model_blog WHERE
> SUBSTRING(title,1,1) LIKE BINARY '?' AND description LIKE '%?%' ORDER BY
> title ASC', array('B', 'blog'));
>
> to enable prepared statements in the Storage Backend.
+1 for prepared statements!
But usually the placeholders are quoted in prepared statements and I
prefer that way as it takes away the responsibility of proper quoting
(and escaping!) from the user. The statement would then be:
$query->statement('SELECT * FROM tx_blogexample_domain_model_blog WHERE
SUBSTRING(title,1,1) LIKE BINARY ? AND description LIKE ? ORDER BY title
ASC', array('B', '%blog%'));
see http://de.wikipedia.org/wiki/Prepared_Statement and
http://de.php.net/manual/de/pdo.prepared-statements.php
What do you think?
Bastian
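The difference between the two proposals, as an added example that is not part of this thread or of the TYPO3 storage backend: a bare `?` is bound by the driver, so the `%` wildcards and any quotes belong to the bound value, while a `'?'` inside quotes is just a one-character string literal and binds nothing. The example uses Python's sqlite3 driver standing in for the storage backend; the table name is the one from the thread, the rows are constructed, and `substr(title, 1, 1) = ?` (case-sensitive by default in SQLite) takes the place of MySQL's `SUBSTRING(...) LIKE BINARY ?`.

```python
import sqlite3

# Constructed sample rows, not data from the TYPO3 blog example.
BLOGS = [
    ("Blog about TYPO3", "a blog about the CMS"),
    ("best practices", "a blog on coding"),
    ("Bare metal", "hardware notes"),
    ("Cooking", "recipes, not a blog"),
]

TABLE = "tx_blogexample_domain_model_blog"


def make_db():
    """In-memory stand-in for the storage backend (assumption: SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (title TEXT, description TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)", BLOGS)
    return conn


def find_blogs(conn, first_letter, needle):
    """Bare placeholders: the driver binds both values, and the LIKE
    wildcards live inside the bound parameter, never in the SQL text."""
    sql = (f"SELECT title FROM {TABLE} "
           "WHERE substr(title, 1, 1) = ? AND description LIKE ? "
           "ORDER BY title ASC")
    rows = conn.execute(sql, (first_letter, "%" + needle + "%"))
    return [row[0] for row in rows]


def find_blogs_quoted_placeholder(conn, first_letter, needle):
    """The quoted form from the first proposal: '?' and '%?%' are string
    literals, so the statement has zero parameters and the driver refuses
    the two values we try to bind. Returns the driver's error text."""
    sql = (f"SELECT title FROM {TABLE} "
           "WHERE substr(title, 1, 1) = '?' AND description LIKE '%?%' "
           "ORDER BY title ASC")
    try:
        conn.execute(sql, (first_letter, needle))
    except sqlite3.Error as exc:
        return str(exc)
    return None


def find_blogs_interpolated(conn, first_letter, needle):
    """What 'let the user quote it' degenerates into: string concatenation.
    Deliberately unsafe, kept only to show the contrast with find_blogs."""
    sql = (f"SELECT title FROM {TABLE} "
           f"WHERE substr(title, 1, 1) = '{first_letter}' "
           f"AND description LIKE '%{needle}%' ORDER BY title ASC")
    return [row[0] for row in conn.execute(sql)]


# A search term that closes the LIKE pattern and adds an always-true clause.
PAYLOAD = "zzz%' OR '1%'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_blogs(db, "B", "blog"))                 # the intended query
    print(find_blogs(db, "B", PAYLOAD))                # bound: literal search, no hit
    print(find_blogs_interpolated(db, "B", PAYLOAD))   # concatenated: every row
    print(find_blogs_quoted_placeholder(db, "B", "blog"))
```

With binding, the payload is searched for literally and matches nothing; with concatenation the same string rewrites the WHERE clause and returns every row. The quoted-placeholder variant does not run at all, which is the practical reason placeholders are written bare.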