Abs
Reputation: 57926
How to escape single quotes in Doctrine
This is a very basic quesiton about Doctrine. How are single quotes escaped?
For example, title needs to be escaped as it contains a single quote:
$query = $this->entityManager->
createQuery("SELECT p from \RTH\Entity\Prod p
JOIN p.prodns ps
JOIN ps.events e
WHERE p.title = '" . $title . "'");
Is there a specific way to do this in Doctrine 2?
Upvotes: 4
Views: 10387
Answers (2)
Jonathan Pasquier
Reputation: 2591
Prepared statements is really the way to go, but if you can't upgrade your code, you could use the quote method of the Doctrine\DBAL\Connection object.
As per your code, I think you could access the connection object doing:
$this->getConnection()
Upvotes: 0
Stefan Rasmusson
Reputation: 5595
Try using prepared statements http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/data-retrieval-and-manipulation.html#using-prepared-statements
Upvotes: 7
Related Questions
- Don't use identifier quoting in ORM Doctrine
- Doctrine Query Builder, how to escape single quote?
- How do you escape ' on doctrine?
- Doctrine and quoting reserved word of MySql
- Escape a literal so that it is wrapped with double quotes
- Doctrine2 query builder does not quote the string
- How to configure quotes strategy in Doctrine 2
- Do I need to escape strings on Symfony2 with Doctrine queries?
- How do I stop Doctrine from quoting numbers?
- Doctrine quoting apostrophes