0
votes

I get this error when I try to update my value with a special character:

Message: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't' WHERE (idcommentaire = 117)' at line 1. Failing Query: "UPDATE commentaire SET commentaire = 'test't' WHERE (idcommentaire = 117)"

UPDATE commentaire SET commentaire = 'test't' WHERE (idcommentaire = 117)
                                          ^

Why does Doctrine not manage special characters?

My function:

static public function modifierCommentaire($id, $commentaire)
{
    $req = Doctrine_Query::create()
    ->update('Commentaire c')
    ->set('c.commentaire ', $commentaire)
    ->where("c.idcommentaire=$id")
    ->execute();
}

1 Answer

2
votes

You should use prepared statements, and an update query should look something like this:

Doctrine_Query::create()
  ->update('Commentaire c')
  ->set('c.commentaire', '?', $commentaire)
  ->where('c.idcommentaire = ?', $id)
  ->execute();

So where you have a variable, put a ? there and pass the parameter as an argument. This way Doctrine will create prepared statements and the variables will be escaped correctly (and it is more efficient too).
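
The failure from the question and the fix from the answer, reproduced with plain PDO against an in-memory SQLite table. This is an added example, not part of the original answer and not Doctrine's own code; the table rows and the function names `updateConcatenated` and `updatePrepared` are constructed for illustration.

```php
<?php
// Constructed stand-in for the page's `commentaire` table (in-memory SQLite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE commentaire (idcommentaire INTEGER PRIMARY KEY, commentaire TEXT)');
$pdo->exec("INSERT INTO commentaire VALUES (117, 'old'), (118, 'other')");

// Before: the value is spliced into the SQL text, so a quote inside it
// ends the string literal early and the rest is parsed as SQL.
function updateConcatenated(PDO $pdo, $id, $commentaire): ?string
{
    $sql = "UPDATE commentaire SET commentaire = '$commentaire' WHERE (idcommentaire = $id)";
    try {
        $pdo->exec($sql);
        return null;                // no error
    } catch (PDOException $e) {
        return $e->getMessage();    // syntax error raised by the database
    }
}

// After: the SQL text is fixed and both values travel as bound parameters,
// so their content is never parsed as part of the statement.
function updatePrepared(PDO $pdo, $id, $commentaire): int
{
    $stmt = $pdo->prepare('UPDATE commentaire SET commentaire = ? WHERE idcommentaire = ?');
    $stmt->execute([$commentaire, $id]);
    return $stmt->rowCount();       // number of rows changed
}

$value = "test't";                  // the value from the question

$error = updateConcatenated($pdo, 117, $value);
echo 'concatenated: ', $error ?? 'ok', "\n";

$rows = updatePrepared($pdo, 117, $value);
echo "prepared: $rows row(s) updated\n";

// Read the row back and compare it byte for byte with the input.
$stored = $pdo->query('SELECT commentaire FROM commentaire WHERE idcommentaire = 117')
              ->fetchColumn();
echo 'stored value matches input: ', var_export($stored === $value, true), "\n";
```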