1

problem

  • its replacing single quotes with double quotes

    echo $movement_data

output string :

    '200407', '200396', '200397', '200398', '200399', '200400', '200401', '200402', '200403', '200404'

propel code:

         $c->add(VmemberDetailsPeer::PERSON_ID,array(htmlentities($movement_data, ENT_QUOTES)),Criteria::IN);
         echo $c->toString();
         $person = VmemberDetailsPeer::doSelect($c);

propel query

 Criteria: SQL (may not be complete): SELECT FROM vmember_details WHERE vmember_details.PERSON_ID IN (:p1) Params: vmember_details.PERSON_ID => ''200407', '200396', '200397', '200398', '200399', '200400', '200401', '200402', '200403', '200404''

output:

   array(0) { }

what i need

  • i need to pass same comma seperated string in where clause.

  • if i directly push movement_data comm seperated string in array($movement_data)

  • it output with special characters like '\2222\', and so on... that i have htmlspecial characters in where clause.

Don"t Use Htmlentities Result propel query

         SELECT FROM vmember_details 
   WHERE vmember_details.PERSON_ID IN (:p1) 

   Params: vmember_details.PERSON_ID => '\'200407\', \'200396\', \'200397\', \'200398\', \'200399\', \'200400\', \'200401\', \'200402\', \'200403\', \'200404\''

solution i tried with explode make string to array:

 $x=explode(",",$movement_data);

output:

      Array
     (
      [0] => '200407'
      [1] => '200396'
      [2] => '200397'
      [3] => '200398'

     )


       $c->add(VmemberDetailsPeer::PERSON_ID,$x,Criteria::IN);
         echo $c->toString();
         $person = VmemberDetailsPeer::doSelect($c);

propel query output:

      SELECT FROM vmember_details WHERE vmember_details.PERSON_ID IN (:p1,:p2,:p3,:p4,:p5,:p6,:p7,:p8,:p9,:p10) Params: vmember_details.PERSON_ID => '\'200407\'', vmember_details.PERSON_ID => ' \'200396\'', vmember_details.PERSON_ID => ' \'200397\'', vmember_details.PERSON_ID => ' \'200398\'', vmember_details.PERSON_ID => ' \'200399\'', vmember_details.PERSON_ID => ' \'200400\'', vmember_details.PERSON_ID => ' \'200401\'', vmember_details.PERSON_ID => ' \'200402\'', vmember_details.PERSON_ID => ' \'200403\'', vmember_details.PERSON_ID => ' \'200404\''
  • i need to pass same string where clause .
afeef
  • 4,396
  • 11
  • 35
  • 65
  • htmlentities is wrong for database context - why do you use it? – Honk der Hase Jul 20 '16 at 13:48
  • you could see '\'200407\' appears in query – afeef Jul 20 '16 at 13:51
  • first: what is the content in $movement_data array? there should only numeric strings or integers there. When you say '\'200407\'' appears in the query, I could bet the array contains a string like "'200407'" (read: doublequote, singlequote 200407 singlequote doublequote). The database will then convert the singlequotes to slash-singlequote. – Honk der Hase Jul 20 '16 at 13:56
  • is_numeric(movemnet_data):bool(false) – afeef Jul 20 '16 at 14:02
  • ?? first: typo in the variable name, second: no dollar sign, third: $movement_data is an array - use var_dump() – Honk der Hase Jul 20 '16 at 14:15
  • het lars you could see that on converting string to array it still not working at ll – afeef Jul 21 '16 at 05:16

1 Answers1

1

You extract your data from a string and the output is that array

$x=explode(",",$movement_data);

Array
(
    [0] => '200407'
    [1] => '200396'
    [2] => '200397'
    [3] => '200398'
)

Then you pass that array to a function that creates and SQL statement.

Ok, now please see the code sample below

$a1 = array(1,2,3);
$a2 = array('1','2','3');
$a3 = array("'1'","'2'","'3'");

print_r($a1);
print_r($a2);
print_r($a3);


Array
(
    [0] => 1
    [1] => 2
    [2] => 3
)
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
)
Array
(
    [0] => '1'
    [1] => '2'
    [2] => '3'
)

The first array $a1 contains integers, the second array contains strings with numbers, the third array contains strings with numbers wrapped in single quotes.

And exactly this is your problem!

You MUST remove the single quotes from the numbers, because the driver WILL specially handle them (substitute ' by \') which is what you observed:

SELECT FROM vmember_details 
WHERE vmember_details.PERSON_ID IN (:p1) 

Params: vmember_details.PERSON_ID => '\'200407\', \'200396\', \'200397\', \'200398\', \'200399\', \'200400\', \'200401\', \'200402\', \'200403\', \'200404\''

In fact something different has happened there. You passed a single string which contained single quotes to the statement. The driver examines the string, encounters single quotes and replaces them with slash-single quotes.

Honk der Hase
  • 2,459
  • 1
  • 14
  • 26