Reputation: 1252
Can't get Doctrine DBAL to bind value as an int
I have a silex app that uses the DoctrineServiceProvider where I have a query like:
$app['db']->fetchAll('SELECT * FROM foo WHERE bar= ? LIMIT ?', array('baz',$limit));
Where limit is coming in from a query string - $limit = $request->get('limit'). It's throwing a PDOException as it seems to be treating $limit as a string and trying to do LIMIT '10' and not LIMIT 10
I have tried adding array(\PDO::PARAM_STR,\PDO::PARAM_INT) to the call to fetchAll but doesn't seem to help.
I've also tried doing it the long way with $app['db']->prepare, $app['db']->bindValue etc but that didn't fly either.
Is this something I should be able to do? What am I doing wrong?
Upvotes: 1
Views: 1436
Answers (1)
Reputation: 34107
LIMIT is one of the few places where MySQL cannot handle prepared statement parameters[citation needed].
Depending on where you get it from either
- make sure you validate user input correctly
- make sure you're generating an integer
and then use string concatenation to create the query, or a bit more elegant way, with sprintf:
sprintf("SELECT * FROM tablename LIMIT %d", $limit);
Upvotes: 3
Related Questions
- SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type integer, Doctrine parameter conversion
- Incorrect mapping of mysql tinyint(2) as boolean with doctrine
- Doctrine2 column type integer of length 255 doesn't apply to DB
- doctrine relation on integer field returns string
- Unknown column type "int" requested
- Gedmo Doctrine mapping restricted to strings - integer not available?
- Issues binding variable types using executeQuery in Doctrine DBAL
- Cannot bind string value in Doctrine DBAL using bindValue, Postgresql
- Doctrine 2 DBAL returns only string datatypes
- Doctrine: Bind IN parameters