php - Escaping variables globally
To get the results of queries I use the following method:
$result = $this->getEntityManager()->createQuery($dql)->getResult();
where the $dql variable is a DQL query string. The problem is when I add an apostrophe in the query string's variable, for instance:
SELECT * FROM users WHERE login = 'foo's'
which in reality is typing the foo's string in the input, and gives me a Symfony error because the query string is not escaped.
How can I solve this issue?
I have a lot of getResult() methods in the project, and a lot of queries, and I don't want to alter the whole concept of writing queries.
Is there a way to do that?
Best solution: rewrite the queries with :bindvariables.
Rookie solution: create an onKernelRequest event and modify in the request object.
Worst solution: modify $_POST, $_GET and recreate the request globals in app.php.
P.S. No queries outside repositories :) http://www.slideshare.net/kriswallsmith/how-kris-writes-symfony-apps
php mysql symfony2 doctrine2
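
The bound-parameter rewrite recommended in the answer, shown beside the concatenated form from the question, as an added example that is not part of the original post. The Acme\UserBundle namespace, the User entity with a login field and the method names are assumptions.

```php
<?php
// Added example, not code from the original post.
// Assumed names: the Acme\UserBundle namespace and a mapped User entity with a "login" field.
namespace Acme\UserBundle\Repository;

use Doctrine\ORM\EntityRepository;

class UserRepository extends EntityRepository
{
    // BEFORE: the value is concatenated into the DQL string, so input such as
    // foo's ends the string literal early and the query fails to parse (and is injectable).
    public function findByLoginConcatenated($login)
    {
        $dql = "SELECT u FROM Acme\\UserBundle\\Entity\\User u WHERE u.login = '" . $login . "'";

        return $this->getEntityManager()->createQuery($dql)->getResult();
    }

    // AFTER: the DQL text is constant and the value travels separately as a
    // bound parameter, so foo's is compared as data and never parsed as DQL.
    public function findByLogin($login)
    {
        $dql = 'SELECT u FROM Acme\UserBundle\Entity\User u WHERE u.login = :login';

        return $this->getEntityManager()
            ->createQuery($dql)
            ->setParameter('login', $login)
            ->getResult();
    }

    // An array binds to a single placeholder for IN (...) lists.
    public function findByLogins(array $logins)
    {
        if (count($logins) === 0) {
            return array(); // nothing to look up; skip the query instead of binding an empty list
        }
        $dql = 'SELECT u FROM Acme\UserBundle\Entity\User u WHERE u.login IN (:logins)';

        return $this->getEntityManager()
            ->createQuery($dql)
            ->setParameter('logins', array_values($logins))
            ->getResult();
    }
}
```

Because the existing calls already go through createQuery($dql)->getResult(), each query can be converted on its own by replacing the concatenated value with a named placeholder and adding one setParameter() call.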