Hi I have a little problem in implementing a form filter using doctrine.
The problem is that I need to filter fields belonging to an related table. So I create cutom addXColumnQuery methods: public function addPnombreColumnQuery(Doctrine_Query $query, $field, $value) { $this->addPersonaTableTextFiledFilter($query,'pnombre', $value); } public function addPapellidosColumnQuery(Doctrine_Query $query, $field, $value) { $this->addPersonaTableTextFiledFilter($query,'papellidos', $value); } public function addPdniColumnQuery(Doctrine_Query $query, $field, $value) { $this->addPersonaTableTextFiledFilter($query,'pdni',$value); } protected function addPersonaTableTextFiledFilter(Doctrine_Query $query, $field, $value){ if(!$this->personaTableJoined){ $rootAlias = $query->getRootAlias(); $query->innerJoin($rootAlias.'.Persona p'); $this->personaTableJoined = true; } $query->andWhere('p.'.$field.' LIKE ?','%'.$value.'%'); } It works well except when the text has quotes. They are not escaped automaticly. I'm using symfony 1.4 with mysql and my database connection configuretion looks like this: all: doctrine: class: sfDoctrineDatabase param: dsn: 'mysql:host=host;dbname=name' username: user password: password I found a little solution that I don't like very well: protected function addPersonaTableTextFiledFilter(Doctrine_Query $query, $field, $value){ if(!$this->personaTableJoined){ $rootAlias = $query->getRootAlias(); $query->innerJoin($rootAlias.'.Persona p'); $this->personaTableJoined = true; } $quotedValue = $query->getConnection()->getDbh()->quote('%'. $value.'%', PDO::PARAM_STR); //escape quotes $query->andWhere('p.'.$field.' LIKE '.$quotedValue); } Is there any better solution? I think the autogenerated filter form o symfony have the same problem but I'm no sure. regards -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en