[TYPO3-v4] DBAL compatible way of escaping strings for a like query
Helmut Hummel
helmut.hummel at typo3.org
Mon Nov 14 14:20:50 CET 2011
Hi,

the DB-API for correctly escaping strings for a like query is a bit awkward:

    $escapedSearchItem = '\'%' . $GLOBALS['TYPO3_DB']->escapeStrForLike(
        $GLOBALS['TYPO3_DB']->quoteStr($searchItem, 'pages'),
        'pages'
    ) . '%\'';

My question is: Is this OK this way for DBAL, despite "manually" adding
enclosing quotes?

Thanks.

Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org