[Task]: Quote name and description (#198)

* Task: quote `name` and `description`

* Task: fix quoteidentifier to use the 6.9 supported approach

* Quote category as well

Co-authored-by: Divesh Pahuja <divesh.pahuja@pimcore.com>

---------

Co-authored-by: Divesh Pahuja <divesh.pahuja@pimcore.com>

Author: kingjia90

src/Controller/AdminController.php

@@ -20,6 +20,7 @@
 use AdvancedObjectSearchBundle\Model\SavedSearch;
 use AdvancedObjectSearchBundle\Service;
 use Pimcore\Bundle\AdminBundle\Helper\QueryParams;
+use Pimcore\Db;
 use Pimcore\Model\DataObject;
 use Pimcore\Tool;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -313,6 +314,7 @@ public function findAction(Request $request)
         $offset = $offset ? $offset : 0;
         $limit = $limit ? $limit : 50;
 
+        $db = Db::get();
         $searcherList = new SavedSearch\Listing();
         $conditionParts = [];
         $conditionParams = [];
@@ -327,7 +329,11 @@ public function findAction(Request $request)
 
         //filter for query
         if (!empty($query)) {
-            $conditionParts[] = '(name LIKE ? OR description LIKE ? OR category LIKE ?)';
+            $conditionParts[] = sprintf('(%s LIKE ? OR %s LIKE ? OR %s LIKE ?)',
+                $db->quoteIdentifier('name'),
+                $db->quoteIdentifier('description'),
+                $db->quoteIdentifier('category')
+            );
             $conditionParams[] = '%' . $query . '%';
             $conditionParams[] = '%' . $query . '%';
             $conditionParams[] = '%' . $query . '%';