Question

I am wondering if it is possible to escape a string inside an ON condition, something like binding params inside a where condition. This is my code:

$this->getSelect()->joinLeft(
        array('notcountries' => $countriesTable),
        "main_table.page_id = notcountries.page_id AND notcountries.country_id='$countryId'",
        array()
    )
    ->where("notcountries.country_id IS null");

$countryId is received from the user and can be a potentially harmful string. What is a proper way to make $countryId a safe string?

Solution

I found a way.

$this->getSelect()->joinLeft(
        array('notcountries' => $countriesTable),
        $this->getConnection()->quoteInto("main_table.page_id = notcountries.page_id AND notcountries.country_id=?", $countryId),
        array()
    )
    ->where("notcountries.country_id IS null");
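
Added example (not part of the original answer, and not Magento code): the same LEFT JOIN ... IS NULL filter run three ways, to show what quoting the value in the ON condition changes. Plain PDO with an in-memory SQLite database stands in for the Magento connection; the table names, rows, function names and the quote-bearing input are all constructed for illustration.

```php
<?php
// Added illustration: plain PDO + in-memory SQLite stand in for Magento's
// connection. Table names, rows and the hostile input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (page_id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("CREATE TABLE page_not_countries (page_id INTEGER, country_id TEXT)");
$pdo->exec("INSERT INTO pages VALUES (1, 'home'), (2, 'promo'), (3, 'legal')");
// 'promo' is hidden for DE, 'legal' is hidden for US.
$pdo->exec("INSERT INTO page_not_countries VALUES (2, 'DE'), (3, 'US')");

const SQL_HEAD = "SELECT main_table.title FROM pages AS main_table
    LEFT JOIN page_not_countries AS notcountries
      ON main_table.page_id = notcountries.page_id AND notcountries.country_id = ";
const SQL_TAIL = " WHERE notcountries.country_id IS NULL ORDER BY main_table.page_id";

/** Pattern from the question: the value is pasted into the ON clause. */
function visiblePagesInterpolated(PDO $pdo, string $countryId): array
{
    $sql = SQL_HEAD . "'$countryId'" . SQL_TAIL;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Same idea as quoteInto(): the driver escapes and quotes the value. */
function visiblePagesQuoted(PDO $pdo, string $countryId): array
{
    $sql = SQL_HEAD . $pdo->quote($countryId) . SQL_TAIL;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Bound placeholder: the value never becomes part of the SQL text. */
function visiblePagesBound(PDO $pdo, string $countryId): array
{
    $stmt = $pdo->prepare(SQL_HEAD . ":country_id" . SQL_TAIL);
    $stmt->execute([':country_id' => $countryId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "DE' OR '1'='1";   // constructed input containing a quote
foreach (['DE', $hostile] as $input) {
    printf("%-16s interpolated=%s quoted=%s bound=%s\n", $input,
        json_encode(visiblePagesInterpolated($pdo, $input)),
        json_encode(visiblePagesQuoted($pdo, $input)),
        json_encode(visiblePagesBound($pdo, $input)));
}
```

For the ordinary input all three functions agree; for the quote-bearing input only the interpolated version returns a different page list, because the value has become part of the ON condition instead of a literal compared against country_id.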

Other tips

You can add a PHP check just before passing this variable into the ON condition.

License: CC-BY-SA with attribution
Not affiliated with magento.stackexchange