Hello! I have a doctrine update query to save my data:

$customer = Doctrine_Query::create()
    ->update('Customer')
    ->set('fax',"'". $this->getRequest()->getParam('fax')."'")
    ->where('id ='.$this->getRequest()->getParam('id'))
    ->execute();

The problem is that the field fax has parentheses and Doctrine returns an error in the query because of these parentheses "(" and ")".

Does somebody know a solution for this? Thanks

A: 

Not familiar with Doctrine, but what if you escape the parentheses?

$fax = $this->getRequest()->getParam('fax');
$fax = str_replace(array('(',')'), array('\(','\)'), $fax);

// ...
->set('fax',"'". $fax ."'");

Edit: it might also be good to sanitize the input to only include numbers, parentheses and maybe dashes:

// replace everything not 0-9, (, ) or - with nothing
$fax = preg_replace('/[^0-9\(\)\-]/','',$fax);
Alec
Thanks for the comment. I could do something like this, but I would like to solve it without this, with some solution in Doctrine. The first answer worked...
Paulo
+4  A: 
$customer = Doctrine_Query::create()
    ->update('Customer')
    ->set('fax', '?', $this->getRequest()->getParam('fax'))
    ->where('id = ?', $this->getRequest()->getParam('id'))
    ->execute();
Tom
This. Always use "?" (or another binding method) to take advantage of PDO's escaping.
Coronatus
It worked... thanks!
Paulo
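
The difference between the question's concatenated query and the bound-parameter answer, as an added example that is not part of the original thread. Plain PDO with an in-memory SQLite database stands in for the Doctrine connection (an assumption); the table, function names and request values are constructed for illustration.

```php
<?php
// Added example, not from the original thread. Plain PDO with in-memory SQLite
// stands in for the Doctrine connection; table and values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, fax TEXT)');
$pdo->exec("INSERT INTO customer (id, fax) VALUES (1, 'old-1'), (2, 'old-2')");

// Concatenation, as in the question: request values become part of the SQL text.
function updateConcatenated(PDO $pdo, string $fax, string $id): int
{
    return $pdo->exec("UPDATE customer SET fax = '" . $fax . "' WHERE id = " . $id);
}

// Bound parameters, as in the answer: the SQL text is fixed, values travel separately.
function updateBound(PDO $pdo, string $fax, string $id): int
{
    $idInt = filter_var($id, FILTER_VALIDATE_INT);   // the id must be an integer
    if ($idInt === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE customer SET fax = ? WHERE id = ?');
    $stmt->execute([$fax, $idInt]);
    return $stmt->rowCount();
}

// Constructed request values; getParam() hands back strings like these.
$quotedFax = "(555) 123-4567 c/o O'Neil";
$looseId   = '1 OR 1=1';

try {
    updateConcatenated($pdo, $quotedFax, '1');
} catch (PDOException $e) {
    echo "concatenated, quote in fax: statement rejected\n";
}
echo 'concatenated, loose id: ', updateConcatenated($pdo, '(555) 000-0000', $looseId), " rows changed\n";

try {
    updateBound($pdo, $quotedFax, $looseId);
} catch (InvalidArgumentException $e) {
    echo 'bound, loose id: ', $e->getMessage(), "\n";
}
echo 'bound, valid id: ', updateBound($pdo, $quotedFax, '1'), " row changed\n";
print_r($pdo->query('SELECT id, fax FROM customer ORDER BY id')->fetchAll(PDO::FETCH_KEY_PAIR));
```

With binding, the parentheses and the quote in the fax value are stored verbatim and the `id` can only ever select one row, so no character stripping or manual escaping is needed.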