joinLeft escape string from ON condition
29-09-2020
Question
I am wondering if it is possible to escape a string inside an ON condition, something like binding params inside a where condition. This is my code:
$this->getSelect()->joinLeft(
        array('notcountries' => $countriesTable),
        "main_table.page_id = notcountries.page_id AND notcountries.country_id='$countryId'",
        array()
    )
    ->where("notcountries.country_id IS null");
$countryId is received from the user and can be a potentially harmful string. What is the proper way to make $countryId a safe string?
Solution
I found a way.
$this->getSelect()->joinLeft(
        array('notcountries' => $countriesTable),
        $this->getConnection()->quoteInto("main_table.page_id = notcountries.page_id AND notcountries.country_id=?", $countryId),
        array()
    )
    ->where("notcountries.country_id IS null");
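The difference between the question's concatenated ON condition and a quoted or bound one, as an added example that is not part of the original post. It assumes plain PDO with an in-memory SQLite database instead of Magento's connection object; the table contents, the function names and the sample input are constructed for illustration.

```php
<?php
// Constructed schema and rows; only the query shape follows the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE main_table (page_id INTEGER PRIMARY KEY)");
$db->exec("CREATE TABLE notcountries (page_id INTEGER, country_id TEXT)");
$db->exec("INSERT INTO main_table VALUES (1), (2), (3)");
$db->exec("INSERT INTO notcountries VALUES (1, 'US'), (2, 'DE')");

// Anti-join: pages that have no exclusion row for the given country.
const SQL_TEMPLATE = "SELECT main_table.page_id FROM main_table
    LEFT JOIN notcountries
      ON main_table.page_id = notcountries.page_id
     AND notcountries.country_id = %s
    WHERE notcountries.country_id IS NULL
    ORDER BY main_table.page_id";

// Before: the value is pasted between quotes, as in the question.
function pagesConcatenated(PDO $db, string $countryId): array
{
    $sql = sprintf(SQL_TEMPLATE, "'$countryId'");
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After, variant 1: the driver quotes the value (same idea as quoteInto()).
function pagesQuoted(PDO $db, string $countryId): array
{
    $sql = sprintf(SQL_TEMPLATE, $db->quote($countryId));
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After, variant 2: a bound parameter is accepted inside ON as well.
function pagesBound(PDO $db, string $countryId): array
{
    $stmt = $db->prepare(sprintf(SQL_TEMPLATE, ':country_id'));
    $stmt->execute([':country_id' => $countryId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "x' OR '1'='1"; // constructed input containing a quote
foreach (['US', $hostile] as $input) {
    printf("%-14s concat=[%s] quoted=[%s] bound=[%s]\n", $input,
        implode(',', pagesConcatenated($db, $input)),
        implode(',', pagesQuoted($db, $input)),
        implode(',', pagesBound($db, $input)));
}
```

For the constructed input, the concatenated version lets the value rewrite the ON condition so that every row joins and the anti-join returns nothing, while the quoted and bound versions treat it as an unknown country id and return all three pages.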
Other tips
You can add PHP checking just before passing this variable in the ON condition.
Not affiliated with magento.stackexchange