No quoteIdentifier is not safe in this context. Its about "identifiers", but you quote a value.
You should work with json_encode([$conn->quote($attrId) => $conn->quote($value, \PDO::PARAM_INT)]); On Tue, Feb 12, 2019 at 4:39 PM Dmytro Kokoriev <[email protected]> wrote: > We use doctrine 2 and want to write a parameterised code like this: > > attributes @> \'{' . $con->quote($attrId) . ':' . (int)$value . '}\''; > > to have a query like this: > > WHERE attributes @>'{"color":14}'; > > The "color" is the custom (user chosen) name of an attribute. So I feel > that quote() > <https://www.doctrine-project.org/projects/doctrine-dbal/en/2.9/reference/data-retrieval-and-manipulation.html#quote> > is > an appropriate function to shield it. But it wraps a parameter with single > quotes, what makes the request syntax incorrect. > > quoteIdentifier() > <https://www.doctrine-project.org/projects/doctrine-dbal/en/2.9/reference/data-retrieval-and-manipulation.html#quoteidentifier> > function > wraps with double quotes, BUT > > > IS quoteIdentifier( > <https://www.doctrine-project.org/projects/doctrine-dbal/en/2.9/reference/data-retrieval-and-manipulation.html#quoteidentifier> > ) applicable and can be safely used in this context? > > -- > You received this message because you are subscribed to the Google Groups > "doctrine-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/doctrine-user. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "doctrine-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/doctrine-user. For more options, visit https://groups.google.com/d/optout.
