[Listing] Question mark and colon in condition in addConditionParam() are always interpreted as prepated statement parameters

[BlackbitDevs]

Step to reproduce:

$listing = new Listing();
$listing->addConditionParam('name="Brand: Test product"');
$listing->load();

This will result in an SQL error / PDO exception:
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

The reason is that in

pimcore/lib/Model/Listing/AbstractListing.php

Lines 258 to 266 in da43b3f

	$ignore = true;
	if (strpos($key, '?') !== false || strpos($key, ':') !== false) {
	$ignore = false;
	}
	$this->conditionParams[$key] = [
	'value' => $value,
	'concatenator' => $concatenator,
	'ignore-value' => $ignore, // If there is not a placeholder, ignore value!
	];

it is always assumed that when there is a : or a ? in the SQL condition that this is a query parameter.
So the same problem appears when

$listing->addConditionParam('name="This is an object name?"');

Above are simplified examples, of course normally you would use

$listing->addConditionParam('name=?', ['Brand: Test product']);

but sometimes this is not easily possible.

An alternative solution would be to add Listing::addCondition() to add conditions without parameters.
Imho, it is not a BC break, so if you want I could also rebase to 10.3 branch.

[jdreesen]

This contains a commit from PR #11817

[aryaantony92]

@BlackbitNeueMedien Since this is a bug, could you please rebase this to 10.3 branch ?

[BlackbitDevs]

@aryaantony92 Is now for 10.3 branch.

[aryaantony92]

@BlackbitNeueMedien Thanks for rebasing.

But even after applying the patch/commit, when I try to do

$listing->addConditionParam('name="Brand: Test product"'); Or
$listing->addConditionParam('name="This is an object name?"');

I can still see the error message

"SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens"

[BlackbitDevs]

Sorry, regex was not correct, now it should work, even for

$listing->addConditionParam('name="Brand: " and o_path=? and o_key="test?"', ['/']);

[brusch]

I'd say this is quite a critical thing that should be covered by a test, could you please add one for all the possible cases? Thanks in advance!

[brusch]

@BlackbitNeueMedien btw. writing tests is now super easy, see: #11872 and https://pimcore.com/docs/pimcore/current/Development_Documentation/Development_Tools_and_Details/Testing/Core_Tests.html

Thanks in advance!

[brusch]

@BlackbitNeueMedien 🏓 one more try 😉

[BlackbitDevs]

Yep, did not forget it. Currently implementing #10924, try to come back to this PR here for the tests (or perhaps you would be so kind and create this?)

[brusch]

@BlackbitNeueMedien ah cool 👍 then we wait until you're finished with the other topic 😉 Thanks in advance!

[BlackbitDevs]

@brusch I added the tests.

[brusch]

Thank you very much!