htmlentities is not working properly in propel symfony 1.2

Question

problem

• its replacing single quotes with double quotes

  echo $movement_data

output string :

    '200407', '200396', '200397', '200398', '200399', '200400', '200401', '200402', '200403', '200404'

propel code:

         $c->add(VmemberDetailsPeer::PERSON_ID,array(htmlentities($movement_data, ENT_QUOTES)),Criteria::IN);
         echo $c->toString();
         $person = VmemberDetailsPeer::doSelect($c);

propel query

 Criteria: SQL (may not be complete): SELECT FROM vmember_details WHERE vmember_details.PERSON_ID IN (:p1) Params: vmember_details.PERSON_ID => ''200407', '200396', '200397', '200398', '200399', '200400', '200401', '200402', '200403', '200404''

output:

   array(0) { }

what i need

• i need to pass same comma seperated string in where clause.

• if i directly push movement_data comm seperated string in array($movement_data)

• it output with special characters like '\2222\', and so on... that i have htmlspecial characters in where clause.

Don"t Use Htmlentities Result propel query

         SELECT FROM vmember_details 
   WHERE vmember_details.PERSON_ID IN (:p1) 

   Params: vmember_details.PERSON_ID => '\'200407\', \'200396\', \'200397\', \'200398\', \'200399\', \'200400\', \'200401\', \'200402\', \'200403\', \'200404\''

solution i tried with explode make string to array:

 $x=explode(",",$movement_data);

output:

      Array
     (
      [0] => '200407'
      [1] => '200396'
      [2] => '200397'
      [3] => '200398'

     )


       $c->add(VmemberDetailsPeer::PERSON_ID,$x,Criteria::IN);
         echo $c->toString();
         $person = VmemberDetailsPeer::doSelect($c);

propel query output:

      SELECT FROM vmember_details WHERE vmember_details.PERSON_ID IN (:p1,:p2,:p3,:p4,:p5,:p6,:p7,:p8,:p9,:p10) Params: vmember_details.PERSON_ID => '\'200407\'', vmember_details.PERSON_ID => ' \'200396\'', vmember_details.PERSON_ID => ' \'200397\'', vmember_details.PERSON_ID => ' \'200398\'', vmember_details.PERSON_ID => ' \'200399\'', vmember_details.PERSON_ID => ' \'200400\'', vmember_details.PERSON_ID => ' \'200401\'', vmember_details.PERSON_ID => ' \'200402\'', vmember_details.PERSON_ID => ' \'200403\'', vmember_details.PERSON_ID => ' \'200404\''

• i need to pass same string where clause .

Answer 1

You extract your data from a string and the output is that array

$x=explode(",",$movement_data);

Array
(
    [0] => '200407'
    [1] => '200396'
    [2] => '200397'
    [3] => '200398'
)

Then you pass that array to a function that creates and SQL statement.

Ok, now please see the code sample below

$a1 = array(1,2,3);
$a2 = array('1','2','3');
$a3 = array("'1'","'2'","'3'");

print_r($a1);
print_r($a2);
print_r($a3);


Array
(
    [0] => 1
    [1] => 2
    [2] => 3
)
Array
(
    [0] => 1
    [1] => 2
    [2] => 3
)
Array
(
    [0] => '1'
    [1] => '2'
    [2] => '3'
)

The first array $a1 contains integers, the second array contains strings with numbers, the third array contains strings with numbers wrapped in single quotes.

And exactly this is your problem!

You MUST remove the single quotes from the numbers, because the driver WILL specially handle them (substitute ' by \') which is what you observed:

SELECT FROM vmember_details 
WHERE vmember_details.PERSON_ID IN (:p1) 

Params: vmember_details.PERSON_ID => '\'200407\', \'200396\', \'200397\', \'200398\', \'200399\', \'200400\', \'200401\', \'200402\', \'200403\', \'200404\''

In fact something different has happened there. You passed a single string which contained single quotes to the statement. The driver examines the string, encounters single quotes and replaces them with slash-single quotes.