
Prepared statements in Extbase TYPO3 7.6 not working

I want to submit the query as a prepared statement, like below.

$query = $this->createQuery();
$query->getQuerySettings()->usePreparedStatement(TRUE);
$sqlParamList[] = 'test@gamil.com';
$sql = 'SELECT uid FROM table_name WHERE email = ?';
$query->statement($sql, $sqlParamList);
$result = $query->execute();

But I always get errors like below.

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1'

Where am I wrong?

You need to parse your $sql to a prepared statement first:

$preparedSql = $this->objectManager->get(\TYPO3\CMS\Core\Database\PreparedStatement::class, $sql, 'table_name');

With $this->objectManager->get() you instantiate the class PreparedStatement with the arguments $sql and 'table_name'.

This will change your $sql and parse the ? to be used as a prepared statement.

Another approach:

$query = $this->createQuery();
$query->getQuerySettings()->usePreparedStatement(TRUE);
$sqlParamList = [
    ':email' => 'test@gamil.com'
];
$sql = 'SELECT uid FROM table_name WHERE email = :email';
$query->statement($sql, $sqlParamList);
$result = $query->execute();

Cannot test it, just an approach.
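The first suggestion above, written out as a full repository method. This is an added example, not code from the original question or answers: the namespace, the class name `AddressRepository` and the method name `findUidsByEmail` are hypothetical, and it assumes TYPO3 7.6, where `$query->statement()` accepts a `PreparedStatement` object in place of a SQL string.

```php
<?php
namespace Vendor\Example\Domain\Repository; // hypothetical extension namespace

use TYPO3\CMS\Core\Database\PreparedStatement;
use TYPO3\CMS\Extbase\Persistence\Repository;

class AddressRepository extends Repository // hypothetical repository
{
    /**
     * Returns the uids of all rows whose email column equals $email.
     *
     * @param string $email untrusted input, e.g. from a form
     * @return array raw rows, each of the form ['uid' => ...]
     */
    public function findUidsByEmail($email)
    {
        // The SQL text contains only the placeholder, never the value itself.
        $sql = 'SELECT uid FROM table_name WHERE email = ?';

        // Wrap the SQL in a PreparedStatement object, as described above.
        $statement = $this->objectManager->get(
            PreparedStatement::class,
            $sql,
            'table_name'
        );

        $query = $this->createQuery();
        // Pass the object, not the plain string, so the value is bound to the
        // '?' and the placeholder is not sent to the server as literal SQL
        // (the cause of the "syntax error near '?'" message in the question).
        $query->statement($statement, [(string)$email]);

        // TRUE asks Extbase for raw rows instead of mapped domain objects.
        return $query->execute(true);
    }
}
```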
