doctrine/archived-orm
1
0
Fork 0
mirror of https://github.com/doctrine/orm.git synced 2026-03-24 06:52:09 +01:00
Code Issues 5.3k Packages Projects Releases 100 Wiki Activity

DDC-3821: QueryBuilder throws QueryException when Expr\Comparison($x, 'LIKE', $y) with 'LIKE' operator was added in where clause #4681

New Issue
Closed
opened 2026-01-22 14:47:25 +01:00 by admin · 10 comments
admin commented 2026-01-22 14:47:25 +01:00
Owner
Copy Link

Originally created by @doctrinebot on GitHub (Jul 13, 2015).

Originally assigned to: @Ocramius on GitHub.

Jira issue originally created by user eghlima.r@gmail.com:

This is the query from QueryBuilder->getDQL():

SELECT c FROM wsi\ams\model\Cell c INNER JOIN c.accountingUnit au WHERE 'name' LIKE ?1

We are using YII (1.1.16) and Doctrine ORM (2.5).
For YII grid, we need to handle filtering. We accept user input and try to add them all to an Expr\orX clause then add this expression to our QueryBuilder object at the end.
The problem as i could understood is expr\like internally handle by expr\comparison. this comparison later will use in Parser class and in ComparisonOperator method, there is no case for LIKE in switch-case at all. but before that method in Parser class there is a method called: Parser::SimpleConditionalExpression and in this method there is:

if ($token['type'] === Lexer::T_LIKE) {
            return $this->LikeExpression();
}

and it should handle like in this clause (If i get it right?), but $token['type'] is holding attribute name(in my case name) not the constant belong to Lexer::T_LIKE and so it ignores this clause and goes down into:

return $this->ComparisonExpression();

Example of code that throws exception:

if(isset($*REQUEST[$rootEntity])){ // accept filter parameter from $*REQUEST
            $or = $this->getQueryBuilder()->expr()->orX();
            foreach($_REQUEST[$rootEntity] as $key => $val){ // for each name => value 
                if($val){ // if it contains valid value
                    $or->add($this->getQueryBuilder()->expr()->like("'" . $key . "'", ":" . $key));
                    $this->getQueryBuilder()->setParameters(array($key => $val));
                }
            }
            $this->getQueryBuilder()->andWhere($or); // finally add that OR clause to query
}

Exception details:

<h1>Doctrine\ORM\Query\QueryException</h1>
<p>[Syntax Error] line 0, col 79: Error: Expected =, <, <=, <>, >, >=, !=, got 'LIKE' (/home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/QueryException.php:52)</p>
<pre>
#0 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(448): Doctrine\ORM\Query\QueryException::syntaxError('line 0, col 79:...', object(Doctrine\ORM\Query\QueryException))
#1 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(3325): Doctrine\ORM\Query\Parser->syntaxError('=, <, <=, <>, >...')
#2 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(3040): Doctrine\ORM\Query\Parser->ComparisonOperator()
#3 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2564): Doctrine\ORM\Query\Parser->ComparisonExpression()
#4 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2447): Doctrine\ORM\Query\Parser->SimpleConditionalExpression()
#5 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2423): Doctrine\ORM\Query\Parser->ConditionalPrimary()
#6 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2391): Doctrine\ORM\Query\Parser->ConditionalFactor()
#7 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2366): Doctrine\ORM\Query\Parser->ConditionalTerm()
#8 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(1333): Doctrine\ORM\Query\Parser->ConditionalExpression()
#9 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(876): Doctrine\ORM\Query\Parser->WhereClause()
#10 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(843): Doctrine\ORM\Query\Parser->SelectStatement()
#11 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(268): Doctrine\ORM\Query\Parser->QueryLanguage()
#12 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(351): Doctrine\ORM\Query\Parser->getAST()
#13 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(281): Doctrine\ORM\Query\Parser->parse()
#14 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(293): Doctrine\ORM\Query->_parse()
#15 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(969): Doctrine\ORM\Query->_doExecute()
#16 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(924): Doctrine\ORM\AbstractQuery->executeIgnoreQueryCache(NULL, 1)
#17 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(727): Doctrine\ORM\AbstractQuery->execute(NULL, 1)
#18 /home/mohammad/workspace/ir.wsi.base/protected/lib/doctrine/DataProvider.php(144): Doctrine\ORM\AbstractQuery->getResult()
#19 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/web/CDataProvider.php(170): lib\doctrine\DataProvider->fetchData()
#20 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/zii/widgets/CBaseListView.php(125): CDataProvider->getData()
#21 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/zii/widgets/grid/CGridView.php(339): CBaseListView->init()
#22 /home/mohammad/workspace/ir.wsi.base/protected/vendor/clevertech/yii-booster/src/widgets/TbGridView.php(68): CGridView->init()
#23 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3502): TbGridView->init()
#24 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3525): CBaseController->createWidget('booster.widgets...', Array)
#25 /home/mohammad/workspace/ir.wsi.base/protected/modules/ams/views/cell/list.php(52): CBaseController->widget('booster.widgets...', Array)
#26 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3493): require('/home/mohammad/...')
#27 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3472): CBaseController->renderInternal('/home/mohammad/...', NULL, true)
#28 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3904): CBaseController->renderFile('/home/mohammad/...', NULL, true)
#29 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3872): CController->renderPartial('list', NULL, true)
#30 /home/mohammad/workspace/ir.wsi.base/protected/modules/ams/controllers/CellController.php(36): CController->render('list')
#31 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(4139): CellController->actionList()
#32 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3652): CInlineAction->runWithParams(Array)
#33 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3637): CController->runAction(Object(CInlineAction))
#34 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3627): CController->runActionWithFilters(Object(CInlineAction), Array)
#35 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1761): CController->run('list')
#36 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1681): CWebApplication->runController('ams/cell/list')
#37 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1202): CWebApplication->processRequest()
#38 /home/mohammad/workspace/ir.wsi.base/index.php(13): CApplication->run()
#39 {main}</pre>
Originally created by @doctrinebot on GitHub (Jul 13, 2015). Originally assigned to: @Ocramius on GitHub. Jira issue originally created by user eghlima.r@gmail.com: This is the query from `QueryBuilder->getDQL()`: `SELECT c FROM wsi\ams\model\Cell c INNER JOIN c.accountingUnit au WHERE 'name' LIKE ?1` We are using YII (1.1.16) and Doctrine ORM (2.5). For YII grid, we need to handle filtering. We accept user input and try to add them all to an Expr\orX clause then add this expression to our QueryBuilder object at the end. The problem as i could understood is expr\like internally handle by expr\comparison. this comparison later will use in Parser class and in ComparisonOperator method, there is no case for LIKE in switch-case at all. but before that method in Parser class there is a method called: Parser::SimpleConditionalExpression and in this method there is: ``` if ($token['type'] === Lexer::T_LIKE) { return $this->LikeExpression(); } ``` and it should handle like in this clause (If i get it right?), but $token['type'] is holding attribute name(in my case `name`) not the constant belong to Lexer::T_LIKE and so it ignores this clause and goes down into: ``` return $this->ComparisonExpression(); ``` Example of code that throws exception: ``` if(isset($*REQUEST[$rootEntity])){ // accept filter parameter from $*REQUEST $or = $this->getQueryBuilder()->expr()->orX(); foreach($_REQUEST[$rootEntity] as $key => $val){ // for each name => value if($val){ // if it contains valid value $or->add($this->getQueryBuilder()->expr()->like("'" . $key . "'", ":" . $key)); $this->getQueryBuilder()->setParameters(array($key => $val)); } } $this->getQueryBuilder()->andWhere($or); // finally add that OR clause to query } ``` Exception details: ``` <h1>Doctrine\ORM\Query\QueryException</h1> <p>[Syntax Error] line 0, col 79: Error: Expected =, <, <=, <>, >, >=, !=, got 'LIKE' (/home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/QueryException.php:52)</p> <pre> #0 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(448): Doctrine\ORM\Query\QueryException::syntaxError('line 0, col 79:...', object(Doctrine\ORM\Query\QueryException)) #1 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(3325): Doctrine\ORM\Query\Parser->syntaxError('=, <, <=, <>, >...') #2 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(3040): Doctrine\ORM\Query\Parser->ComparisonOperator() #3 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2564): Doctrine\ORM\Query\Parser->ComparisonExpression() #4 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2447): Doctrine\ORM\Query\Parser->SimpleConditionalExpression() #5 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2423): Doctrine\ORM\Query\Parser->ConditionalPrimary() #6 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2391): Doctrine\ORM\Query\Parser->ConditionalFactor() #7 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(2366): Doctrine\ORM\Query\Parser->ConditionalTerm() #8 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(1333): Doctrine\ORM\Query\Parser->ConditionalExpression() #9 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(876): Doctrine\ORM\Query\Parser->WhereClause() #10 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(843): Doctrine\ORM\Query\Parser->SelectStatement() #11 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(268): Doctrine\ORM\Query\Parser->QueryLanguage() #12 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Parser.php(351): Doctrine\ORM\Query\Parser->getAST() #13 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(281): Doctrine\ORM\Query\Parser->parse() #14 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(293): Doctrine\ORM\Query->_parse() #15 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(969): Doctrine\ORM\Query->_doExecute() #16 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(924): Doctrine\ORM\AbstractQuery->executeIgnoreQueryCache(NULL, 1) #17 /home/mohammad/workspace/ir.wsi.base/protected/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(727): Doctrine\ORM\AbstractQuery->execute(NULL, 1) #18 /home/mohammad/workspace/ir.wsi.base/protected/lib/doctrine/DataProvider.php(144): Doctrine\ORM\AbstractQuery->getResult() #19 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/web/CDataProvider.php(170): lib\doctrine\DataProvider->fetchData() #20 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/zii/widgets/CBaseListView.php(125): CDataProvider->getData() #21 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/zii/widgets/grid/CGridView.php(339): CBaseListView->init() #22 /home/mohammad/workspace/ir.wsi.base/protected/vendor/clevertech/yii-booster/src/widgets/TbGridView.php(68): CGridView->init() #23 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3502): TbGridView->init() #24 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3525): CBaseController->createWidget('booster.widgets...', Array) #25 /home/mohammad/workspace/ir.wsi.base/protected/modules/ams/views/cell/list.php(52): CBaseController->widget('booster.widgets...', Array) #26 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3493): require('/home/mohammad/...') #27 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3472): CBaseController->renderInternal('/home/mohammad/...', NULL, true) #28 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3904): CBaseController->renderFile('/home/mohammad/...', NULL, true) #29 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3872): CController->renderPartial('list', NULL, true) #30 /home/mohammad/workspace/ir.wsi.base/protected/modules/ams/controllers/CellController.php(36): CController->render('list') #31 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(4139): CellController->actionList() #32 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3652): CInlineAction->runWithParams(Array) #33 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3637): CController->runAction(Object(CInlineAction)) #34 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(3627): CController->runActionWithFilters(Object(CInlineAction), Array) #35 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1761): CController->run('list') #36 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1681): CWebApplication->runController('ams/cell/list') #37 /home/mohammad/workspace/ir.wsi.base/protected/vendor/yiisoft/yii/framework/yiilite.php(1202): CWebApplication->processRequest() #38 /home/mohammad/workspace/ir.wsi.base/index.php(13): CApplication->run() #39 {main}</pre> ```
admin added the Bug label 2026-01-22 14:47:25 +01:00
admin closed this issue 2026-01-22 14:47:25 +01:00
admin commented 2026-01-22 14:47:27 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 13, 2015):

@doctrinebot commented on GitHub (Jul 13, 2015): - is duplicated by [DDC-339: Parser incorrectly assumes arithmetic expression when finding lower(something) ](http://www.doctrine-project.org/jira/browse/DDC-339)
admin commented 2026-01-22 14:47:27 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 13, 2015):

Comment created by eghlima.r@gmail.com:

Code i have sent for you is in this class file.
We use it as DataProvider for YII GridView.

When I was writing a sample code to do filter by using Expr, this bug has raised.

@doctrinebot commented on GitHub (Jul 13, 2015): Comment created by eghlima.r@gmail.com: Code i have sent for you is in this class file. We use it as DataProvider for YII GridView. When I was writing a sample code to do filter by using Expr, this bug has raised.
admin commented 2026-01-22 14:47:27 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 13, 2015):

Comment created by eghlima.r@gmail.com:

This is our composer.json

we are using ORM version 2.5

@doctrinebot commented on GitHub (Jul 13, 2015): Comment created by eghlima.r@gmail.com: This is our composer.json we are using ORM version 2.5
admin commented 2026-01-22 14:47:27 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by @ocramius:

Moved back to Minor

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by @ocramius: Moved back to `Minor`
admin commented 2026-01-22 14:47:28 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by @ocramius:

Note: I moved this to Security Issues, because your code is vulnerable to SQL/DQL injections: fix it.

This issue as-is is invalid and I'm going to close it, as you are misusing the query builder by even allowing $_REQUEST to directly affect the generated query.

The actual resolution for this issue is to allow the LIKE operator to behave like any other operator in f5e79fa0c0/lib/Doctrine/ORM/Query/Parser.php (L3280-L3287), which is an improvement (not a bug), since a ComparisonOperator currently doesn't also handle LIKE.

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by @ocramius: Note: I moved this to `Security Issues`, because your code is vulnerable to SQL/DQL injections: fix it. This issue as-is is invalid and I'm going to close it, as you are misusing the query builder by even allowing `$_REQUEST` to directly affect the generated query. The actual resolution for this issue is to allow the `LIKE` operator to behave like any other operator in https://github.com/doctrine/doctrine2/blob/f5e79fa0c0cc6f8482e8738f8cb1a94bde5991f9/lib/Doctrine/ORM/Query/Parser.php#L3280-L3287, which is an improvement (not a bug), since a `ComparisonOperator` currently doesn't also handle `LIKE`.
admin commented 2026-01-22 14:47:28 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Issue was closed with resolution "Invalid"

@doctrinebot commented on GitHub (Jul 20, 2015): Issue was closed with resolution "Invalid"
admin commented 2026-01-22 14:47:28 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by @ocramius:

Also please check http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/dql-doctrine-query-language.html#ebnf

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by @ocramius: Also please check http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/dql-doctrine-query-language.html#ebnf
admin commented 2026-01-22 14:47:29 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by eghlima.r@gmail.com:

Thank you Marco for your answer.
thank you for your notice, but sql injection is not my concern now, since it is sample code.
I think i did not misuse querybuilder! i just copied what is written in documentation here:
http://doctrine-orm.readthedocs.org/en/latest/reference/query-builder.html#high-level-api-methods

accordingly I wrote this (i made all things statically, so we don't have injection problem together) :

$this->getQueryBuilder()->where(
            $this->getQueryBuilder()->expr()->orX(
                $this->getQueryBuilder()->expr()->like('cell.name', ":name")
));
$this->getQueryBuilder()->setParameters(array("name" => "%X1%"));

Should it work or not? it does not work for me.
it gives me the error i gave you with full stack. I think i could not explain clearly.
I am not using Expr\Comparison, i said, this code $qb->expr()->like('u.nickname', '?2') which is written in documentation, internally is using Expr\Comparison and later in Parser class, this LIKE (which is wrongly marked as comparison) is not handled and causes this error!
So it is not an improvement, it is a bug. if you need more detail to simulate it, i am at your service.

BUT if i write this for LIKE it will work!

$this->getQueryBuilder()->andWhere('cell.name LIKE :name');
$this->getQueryBuilder()->setParameters(array("name" => "%X1%"));

But i prefer the officially said and well structured way to add my LIKE expressions to querybuilder.

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by eghlima.r@gmail.com: Thank you Marco for your answer. thank you for your notice, but sql injection is not my concern now, since it is sample code. I think i did not misuse querybuilder! i just copied what is written in documentation here: http://doctrine-orm.readthedocs.org/en/latest/reference/query-builder.html#high-level-api-methods accordingly I wrote this (i made all things statically, so we don't have injection problem together) : ``` $this->getQueryBuilder()->where( $this->getQueryBuilder()->expr()->orX( $this->getQueryBuilder()->expr()->like('cell.name', ":name") )); $this->getQueryBuilder()->setParameters(array("name" => "%X1%")); ``` Should it work or not? it does not work for me. it gives me the error i gave you with full stack. I think i could not explain clearly. I am not using Expr\Comparison, i said, this code `$qb->expr()->like('u.nickname', '?2')` which is written in documentation, internally is using `Expr\Comparison` and later in Parser class, this `LIKE` (which is wrongly marked as comparison) is not handled and causes this error! So it is not an improvement, it is a bug. if you need more detail to simulate it, i am at your service. BUT if i write this for `LIKE` it will work! ``` $this->getQueryBuilder()->andWhere('cell.name LIKE :name'); $this->getQueryBuilder()->setParameters(array("name" => "%X1%")); ``` But i prefer the officially said and well structured way to add my LIKE expressions to querybuilder.
admin commented 2026-01-22 14:47:30 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by eghlima.r@gmail.com:

Dear Marco

I just updated my vendor with composer and everything works fine!
But i am sure, that bug in previous comments was exist!
I just changed some lines in doctrine bootstrap and updated vendor.

Sorry about your time. but it is fixed now

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by eghlima.r@gmail.com: Dear Marco I just updated my vendor with composer and everything works fine! But i am sure, that bug in previous comments was exist! I just changed some lines in doctrine bootstrap and updated vendor. Sorry about your time. but it is fixed now
admin commented 2026-01-22 14:47:30 +01:00
Author
Owner
Copy Link

@doctrinebot commented on GitHub (Jul 20, 2015):

Comment created by @ocramius:

No problem :-)

I'm keeping the issue hidden to the public though (until it's audited by your team).

@doctrinebot commented on GitHub (Jul 20, 2015): Comment created by @ocramius: No problem :-) I'm keeping the issue hidden to the public though (until it's audited by your team).
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
BC Break
Bug
Can't Fix
Deprecation
Documentation
DQL
Duplicate
Failing Test
Hacktoberfest
Improvement
Improvement
Incomplete
Invalid
Missing Tests
New Feature
PR Created
pull-request
Mirrored from GitHub Pull Request
 Question
Regression
Status: Waiting feedback
Waiting feedback
WIP
Won't Fix
No Label Bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: doctrine/archived-orm#4681
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?