Query orderings can't use custom expressions
Currently Tx_Extbase_Persistence_Query->setOrderings does only support ASC and DESC orderings.
One might want to pass a custom expression as ordering. E.g. if you want to get your objects in a predefined order:
$query = $this->createQuery(); $query->setOrderings(array( 'FIELD (uid, ' . implode(', ', $uidList) .')' => Tx_Extbase_Persistence_QueryInterface::ORDER_FIELD )); return $query ->matching($query->in('uid', $uidList)) ->execute();
#6 Updated by Tobias Liebig over 6 years ago
Felix: "SQL Injection still in place ..."
I see his point. Maybe we could archive a solution which supports FIELD orderings only, but does not allow any expressions.
I had the need (using FIELD for ordering) in at least two different projects, so i think the issue is still valid.
#15 Updated by Stefan Neufeind over 5 years ago
I agree that allowing strings for the ordering people might use statements that are non-portable across DBMS. But for most users that use MySQL/MariaDB nowadays (I expect) they could use orderings like RAND or giving a list of uids with a fixed order.
Please re-think if we could allow arbitrary strings "on your own risk" (maybe with a big warning in the docs or so) for certain edge-cases. And if it's not too intrusive maybe we could also allow that in 6.2 still (to stay for some years now sigh).
#16 Updated by Alexander Opitz almost 5 years ago
- Project changed from Extbase MVC Framework to TYPO3 Core
- Category changed from Extbase: Generic Persistence to Extbase
- Status changed from Under Review to Needs Feedback
- Target version changed from Extbase 6.3 to 7.0
Tobias, are you working on this issue?
#17 Updated by Peter Niederlag almost 5 years ago
custom ordering is really a must have, portability is nice to have, that's the prio on all 200 projects I have done in 15 years.
Applying a custom sql order string would be very nice.
This seems to get urgent as current workarounds with parseQuery/buildQuery seem to have been gone on 6.2 :(