Quote fields in select.where etc. (#355)

Resolves: #354 Releases: master, 10.4, 9.5, 8.7
TYPO3-Documentation · Sep 4, 2020 · 613b919 · 613b919
1 parent d3a3c3d
commit 613b919
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/Documentation/Functions/Select.rst b/Documentation/Functions/Select.rst
@@ -20,6 +20,30 @@ in the :php:`$GLOBALS['TCA']`.
    Avoid SQL injections! Don't trust any external data! Secure
    any unknown data, for example with :ref:`intval <stdwrap-intval>`.
 
+.. _selectQuotingOfFields:
+
+Quoting of fields
+=================
+
+.. versionadded:: 8.7
+
+   It is possible to use `{#fieldname}` to make the database
+   framework quote these fields (see :doc:`t3core:Changelog/8.7/Important-80506-DbalCompatibleFieldQuotingInTypoScript`)::
+
+      select.where = ({#title} LIKE {#%SOMETHING%} AND NOT {#doktype})
+
+This applies to:
+
+* :ts:`select.where`
+
+but not to:
+
+* :ts:`select.groupBy`
+* :ts:`select.orderBy`
+
+as these parameters already follow a stricter syntax that allow automatic parsing and
+quoting.
+
 Comprehensive example
 =====================
 
@@ -261,6 +285,11 @@ where
 
          where = (title LIKE '%SOMETHING%' AND NOT doktype)
 
+      Use `{#fieldname}` to make the database
+      framework quote these fields::
+
+         where = ({#title} LIKE {#%SOMETHING%} AND NOT {#doktype})
+
 
 .. _select-languageField: