Actions
Bug #27760
closedQuoting issues with search words
Start date:
2011-06-29
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
While using indexed search with dbal and a MSSQL database, you get several exceptions when you have simple quotes ( ' ) in a search phrase (which might really often happen, when french speaking users search something).
I would fix it by modified the search query in a way, that the query string isn't between simple quotes but double quotes (I'm not aware of any performance issues in SQL when using simple or double quotes, so this should not make any difference). Additionally the search word should should be passed with addslashes, since adodb quoting doesn't (at least in the mssql driver as far as I have seen).
So, tx_indexedsearch::getPhashList should be adapted like this:
switch ($theType) { ... case '20': // Sentence $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery( 'ISEC.phash', 'index_section ISEC, index_fulltext IFT', 'IFT.fulltextdata LIKE "%'.$GLOBALS['TYPO3_DB']->quoteStr(addslashes($sWord), 'index_fulltext').'%" AND ISEC.phash = IFT.phash '.$this->sectionTableWhere(), 'ISEC.phash' ); ...
Actions