
Commit 8f3bdd7

ENGCOM-8022: Fix SQL query quoting/casting when type is passed to where function #27980
2 parents d310727 + 7948822 commit 8f3bdd7


2 files changed

+7
-5
lines changed


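--- a/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
+++ b/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
@@ -21,6 +21,7 @@
 use Magento\Framework\DB\Query\Generator as QueryGenerator;
 use Magento\Framework\DB\Select;
 use Magento\Framework\DB\SelectFactory;
+use Magento\Framework\DB\Sql\Expression;
 use Magento\Framework\DB\Statement\Parameter;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Phrase;
@@ -1511,10 +1512,10 @@ public function select()
 * Method revrited for handle empty arrays in value param
 *
 * @param string $text The text with a placeholder.
-* @param mixed $value The value to quote.
-* @param string $type OPTIONAL SQL datatype
+* @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+* @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
 * @param integer $count OPTIONAL count of placeholders to replace
-* @return string An SQL-safe quoted value placed into the orignal text.
+* @return string An SQL-safe quoted value placed into the original text.
 */
 public function quoteInto($text, $value, $type = null, $count = null)
 {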
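Review bot: The widened `@param $value` on `quoteInto()` now lists `Expression` and `Select`, yet the `@return` line still promises "An SQL-safe quoted value" for every input. The method body is outside this hunk, so this is inferred from the Zend_Db quoting the docblock refers to: expression and sub-select objects are normally emitted as written rather than escaped. I would add a docblock line such as `* Expression and Select values are inserted without quoting; never build them from untrusted input.` so the safety claim is scoped to scalar and array values. It would also help to say that `$type` selects a numeric cast instead of string quoting, since that is the behaviour the commit title is about.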

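--- a/lib/internal/Magento/Framework/DB/Select.php
+++ b/lib/internal/Magento/Framework/DB/Select.php
@@ -7,6 +7,7 @@
 
 use Magento\Framework\App\ResourceConnection;
 use Magento\Framework\DB\Adapter\AdapterInterface;
+use Magento\Framework\DB\Sql\Expression;
 
 /**
 * Class for SQL SELECT generation and results.
@@ -108,8 +109,8 @@ public function __construct(
 * </code>
 *
 * @param string $cond The WHERE condition.
-* @param string|array|null $value OPTIONAL An optional single or array value to quote into the condition.
-* @param string|int|null $type OPTIONAL The type of the given value
+* @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+* @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
 * @return \Magento\Framework\DB\Select
 */
 public function where($cond, $value = null, $type = null)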
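Review bot: The new `@param $value` line for `where()` drops the word OPTIONAL and the "to quote into the condition" wording, although the signature right below still reads `$value = null`. I would keep both: `* @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value OPTIONAL The value to quote into the condition.` Because `$cond` is documented only as "The WHERE condition", it is also worth stating that `$cond` itself is presumably not quoted (the method body is outside the hunk), so untrusted input belongs in `$value` and should never be concatenated into `$cond`.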
