Is there any SQL injection protection in the TYPO3 framework? Or do I have to take care of building a query by myself?
I found prepare_SELECTqueryArray, but there is no example of how it should look. My TYPO3 version is 4.7, and I found this prepare_SELECTqueryArray on a site with TYPO3 v.6.1.
Prepared statements are available at least in TYPO3 4.5, as you can see here [1] and [2].
A prepared query could look like this:
$preparedQuery = $this->link->prepare_SELECTquery('fieldblob,fieldblub', $table, 'id=:id', '', '', '', array(':id' => 1));
$preparedQuery->execute();
$result = $preparedQuery->fetch();
or
$preparedQuery = $this->link->prepare_SELECTquery('fieldblob,fieldblub', $table, 'id=:id');
$preparedQuery->bindValues(array(':id' => 1));
$preparedQuery->execute();
$result = $preparedQuery->fetch();
[1] https://github.com/TYPO3/TYPO3.CMS/blob/TYPO3_4-5/t3lib/class.t3lib_db.php
[2] https://github.com/TYPO3/TYPO3.CMS/blob/TYPO3_4-5/t3lib/db/class.t3lib_db_preparedstatement.php
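
The following is an added example, not part of the original answer and not TYPO3's own code: the same lookup written with a concatenated WHERE clause and then with the prepared-statement API shown above. It assumes a TYPO3 4.5+ extension where $GLOBALS['TYPO3_DB'] is the t3lib_db instance; the table tx_myext_items, its fields, the request parameters and the function names are hypothetical.

```php
<?php
// Added illustration; runs inside a TYPO3 4.5+ extension where
// $GLOBALS['TYPO3_DB'] is the t3lib_db instance.
// Table, field, parameter and function names are hypothetical.

/** Before: request input is concatenated into the WHERE clause (injectable). */
function findItemsUnsafe() {
	$category = t3lib_div::_GP('category');
	return $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
		'uid,title',
		'tx_myext_items',
		"category='" . $category . "' AND hidden=0"
	);
}

/** Placeholders carry values only; a sort field must come from a fixed list. */
function sortFieldFromRequest() {
	$allowed = array('title', 'crdate');
	$requested = t3lib_div::_GP('sort');
	return in_array($requested, $allowed, TRUE) ? $requested : 'title';
}

/** After: the value is bound to :category instead of pasted into the SQL string. */
function findItemsPrepared() {
	$category = t3lib_div::_GP('category');
	if (!is_string($category)) {
		return array(); // reject missing or array-valued input
	}
	$statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery(
		'uid,title',
		'tx_myext_items',
		'category=:category AND hidden=0',
		'',
		sortFieldFromRequest()
	);
	$statement->bindValue(':category', $category, t3lib_db_PreparedStatement::PARAM_STR);

	$rows = array();
	if ($statement->execute()) {
		while (($row = $statement->fetch(t3lib_db_PreparedStatement::FETCH_ASSOC)) !== FALSE) {
			$rows[] = $row;
		}
		$statement->free();
	}
	return $rows;
}
```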