Feature #22338
closed
Added marker in CONTENT object
0%
Description
By using markers and properly quoting and escaping the values any value can be used in the properties of 'select'.
- a 'markers' property is add where the values of the markers (each with stdWrap support) can defined
- the values are properly escaped/quoted according to their type (integer, float, comma separated list, string (default)
- markers (as ###markername###) in all properties of 'select' (excepting andWhere) are replaced
This indirectly adds stdWrap to all properties of 'select' AND prevents SQL injection problems.
'andWhere' can become deprecated, because the only reason for its existence was stdWrap support.
Will solve problems mentioned with the solutions of issues 12094, 6882, 11220
(issue imported from #M13940)
Files
Updated by Jigal van Hemert about 14 years ago
Example of use in TypoScript (not very realistic, but it works correctly):
10 = CONTENT
10 {
table = tt_news
select {
selectFields = title,uid
pidInList = 4
where = title > ###whatever###
markers {
whatever.data = GP:first
}
}
}
Updated by Martin Holtz about 14 years ago
i added a diff for the test only.
i introduced the option markers.commaSeparatedList = 1 in the test case, but do not know, if you will implement it that way
Updated by Jigal van Hemert about 14 years ago
almost ;-)
I made commaSeparatedList a property of a marker (that way you can have one marker value with a comma which is not a comma separated list and another which is):
markers {
first.value = one,two
second.value = one,two
second.commaSeparatedList = 1
}
first : 'one,two'
second : 'one','two'
Updated by