[symfony-users] Escape quote on FormFilter

Wed, 08 Sep 2010 07:40:11 -0700 

Hi

I have a little problem in implementing a form filter using doctrine.

The problem is that I need to filter fields belonging to an related
table. So I create cutom addXColumnQuery methods:

public function  addPnombreColumnQuery(Doctrine_Query $query, $field,
$value) {
        $this->addPersonaTableTextFiledFilter($query,'pnombre',
$value);
    }

    public function  addPapellidosColumnQuery(Doctrine_Query $query,
$field, $value) {
        $this->addPersonaTableTextFiledFilter($query,'papellidos',
$value);
    }

    public function  addPdniColumnQuery(Doctrine_Query $query, $field,
$value) {
        $this->addPersonaTableTextFiledFilter($query,'pdni',$value);
    }

    protected function addPersonaTableTextFiledFilter(Doctrine_Query
$query, $field, $value){
        if(!$this->personaTableJoined){
            $rootAlias = $query->getRootAlias();

            $query->innerJoin($rootAlias.'.Persona p');
            $this->personaTableJoined = true;
        }


        $query->andWhere('p.'.$field.' LIKE ?','%'.$value.'%');
    }

It works well except when the text has quotes. They are not escaped
automaticly.

I'm using symfony 1.4 with mysql and my database connection
configuretion looks like this:

all:
  doctrine:
    class: sfDoctrineDatabase
    param:
      dsn: 'mysql:host=host;dbname=name'
      username: user
      password: password

I found a little solution that I don't like very well:

protected function addPersonaTableTextFiledFilter(Doctrine_Query
$query, $field, $value){
        if(!$this->personaTableJoined){
            $rootAlias = $query->getRootAlias();

            $query->innerJoin($rootAlias.'.Persona p');
            $this->personaTableJoined = true;
        }

        $quotedValue = $query->getConnection()->getDbh()->quote('%'.
$value.'%', PDO::PARAM_STR); //escape quotes

        $query->andWhere('p.'.$field.' LIKE '.$quotedValue);
    }

Is there any better solution? I think the autogenerated filter form o
symfony have the same problem but I'm no sure.

regards

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

Reply via email to