TYPO3 Core

While using indexed search with dbal and a MSSQL database, you get several exceptions when you have simple quotes ( ' ) in a search phrase (which might really often happen, when french speaking users search something).

I would fix it by modified the search query in a way, that the query string isn't between simple quotes but double quotes (I'm not aware of any performance issues in SQL when using simple or double quotes, so this should not make any difference). Additionally the search word should should be passed with addslashes, since adodb quoting doesn't (at least in the mssql driver as far as I have seen).

So, tx_indexedsearch::getPhashList should be adapted like this:

switch ($theType)     {
    ...
        case '20':    // Sentence
        $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
            'ISEC.phash',
            'index_section ISEC, index_fulltext IFT',
            'IFT.fulltextdata LIKE "%'.$GLOBALS['TYPO3_DB']->quoteStr(addslashes($sWord), 'index_fulltext').'%" AND
            ISEC.phash = IFT.phash
            '.$this->sectionTableWhere(),
            'ISEC.phash'
        );
    ...