i wonder whats the correct way of finding objects from the database?
i know there's
$em->find()
$em->createQuery()
i guess createQuery will be more like prepared statements thus more secure?
how do i set named parameters in DQL?
$em->createQuery('select u from \Entities\Users u WHERE u.name = :name');
With the 1.X DQL it was
Doctrine_Query::create()->from("Model m")->addWhere("m.field = ?", $value);
Something similar should be available in DQL 2.X
i think i found the answer here
$query = $em->createQuery('SELECT COUNT(a.id) FROM CmsUser u LEFT JOIN u.articles a WHERE u.username = ?1 GROUP BY u.id');
$query->setParameter(1, 'jwage');
$numArticles = $query->getResult(Query::HYDRATE_SINGLE_SCALAR);
setParameter()
i wonder tho if find() does escape values?