Escape parameter for LIKE statement

[MAILPOET-2645]
Jan Jakeš
2020-03-04 16:30:55 +01:00
committed by Jack Kitterhing
parent 2cc1caba07
commit 038a7fee1c


@@ -201,9 +201,10 @@ class NewsletterListingRepository extends ListingRepository {
} }
protected function applySearch(QueryBuilder $queryBuilder, string $search) { protected function applySearch(QueryBuilder $queryBuilder, string $search) {
$search = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $search); // escape for 'LIKE'
$queryBuilder $queryBuilder
->andWhere('n.subject LIKE :search') ->andWhere('n.subject LIKE :search')
->setParameter('search', "%$search%"); // TODO: escape? ->setParameter('search', "%$search%");
} }
protected function applyFilters(QueryBuilder $queryBuilder, array $filters) { protected function applyFilters(QueryBuilder $queryBuilder, array $filters) {
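Review bot: The escaping added at the top of applySearch depends on backslash being the LIKE escape character, which the query itself never states. MySQL assumes backslash only while the NO_BACKSLASH_ESCAPES SQL mode is off, so with that mode on, `%` and `_` in a search term would presumably act as wildcards again and the inserted backslashes would be matched literally. Naming the escape character in the expression removes that dependency, e.g. `str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search)` together with `->andWhere("n.subject LIKE :search ESCAPE '!'")`, provided the DQL version in use accepts the ESCAPE clause. The comment could also record why the escape character comes first in the search array, since str_replace applies the pairs in order and would otherwise double-escape: `// escape LIKE wildcards; the escape character itself must be replaced first`. A test that searches for a subject containing a literal `%` or `_` would pin the behaviour.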