The raw query can be retrieved using:
$this->getEntityManager()
->createQuery('
SELECT p
FROM GabrielUploadBundle:Image p
WHERE p.upvotes > '.$maxvotes.'
ORDER BY p.createdAt ASC
')
->getSQL();
But this is a simple query, why not use DQL and add the parameters separately (using prepared statements which are safe from SQL inject attacks)?
$this->getEntityManager()
->createQueryBuilder()
->select('p')
->from('GabrielUploadBundle:Image')
->where('p.upvotes > :maxvotes')
->setParameter('maxvotes', $maxvotes)
->orderBy('p.createdAt', 'ASC')
->getSQL();
To be able to get the query (object) or query builder (object) from the controller you need to break the repository logic into 2 functions, one which builds the query and another which calls the query with parameters:
class ImageRepository extends EntityRepository
{
public function findAllNewestByVotesQuery($maxvotes)
{
return $this->getEntityManager()
->createQueryBuilder()
->select('p')
->from('GabrielUploadBundle:Image')
->where('p.upvotes > :maxvotes')
->setParameter('maxvotes', $maxvotes)
->orderBy('p.createdAt', 'ASC');
}
public function findAllNewestByVotes($maxvotes)
{
return $this
->findAllNewestByVotesQuery($maxvotes)
->getQuery()
->getResult();
}
}