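/**
 * {@inheritdoc}
 *
 * Loads the rows whose $field column matches $value and returns them as a
 * decorated collection. $value may be a scalar or an array of values; it is
 * always passed to the driver as a bound parameter. $field, by contrast, is
 * written into the SQL text itself, so it is validated before use.
 *
 * @param string                      $field   Column to match on; letters, digits and underscores only.
 * @param mixed                       $value   Value, or list of values, to look up.
 * @param ServerRequestInterface|null $request Optional request whose query string may carry a "sort" rule.
 *
 * @return mixed The collection produced by buildCollection(), with its total set and ON_READ decoration applied.
 *
 * @throws \InvalidArgumentException When $field is not a plain identifier.
 */
public function getByField($field, $value, ServerRequestInterface $request = null)
{
    // $field is interpolated as a column name (and reused as the placeholder
    // name), and identifiers cannot be bound as parameters. Reject anything
    // that is not a bare identifier so a caller-supplied field can never
    // change the structure of the statement. A name outside this character
    // set could not have worked as a ":name" placeholder in the first place.
    if (!is_string($field) || preg_match('/\A[A-Za-z0-9_]+\z/', $field) !== 1) {
        throw new \InvalidArgumentException('Invalid field name supplied to getByField().');
    }

    $table = $this->getTable();
    $query = sprintf('SELECT * FROM %s WHERE %s.%s IN (:%s)', $table, $table, $field, $field);

    $rules = [];

    if ($request instanceof ServerRequestInterface) {
        $rules = $this->parseQueryString($request->getUri()->getQuery());
    }

    if (is_array($value)) {
        if (!array_key_exists('sort', $rules)) {
            // No explicit sort requested: return rows in the order the values
            // were supplied. The list is joined and quoted as one string
            // literal, so it reaches the statement escaped rather than raw.
            $query .= sprintf(
                ' ORDER BY FIND_IN_SET(%s.%s, ' . $this->dbal->quote(implode(',', $value)) . ')',
                $table,
                $field
            );
        } else {
            // The sort rule comes from the request query string. The entity's
            // mapping keys are handed to buildSortPart() as the whitelist;
            // presumably it drops any column not listed - confirm there.
            $entity    = $this->getEntityType();
            $entity    = new $entity();
            $mapping   = $entity->getMapping();
            $whitelist = array_keys($mapping);
            $query    .= $this->buildSortPart($rules['sort'], $table, $whitelist);
        }
    }

    // @todo - allow extra filtering from request

    $params = [$field => $value];

    $collection = $this->buildCollection($this->dbal->fetchAll($query, $params))
        ->setTotal($this->countByField($field, $value));

    $this->decorate($collection, StoreInterface::ON_READ);

    return $collection;
}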
/**
 * Quotes a value so it can be embedded in an SQL statement as a literal.
 *
 * This is a thin pass-through to PDO::quote(). It escapes *values* only; it
 * is not suitable for table or column names. Bound parameters remain the
 * preferred way to pass data into a statement.
 *
 * @param mixed $value          The value to quote.
 * @param int   $parameter_type A data type hint for the database driver.
 *
 * @return mixed The quoted value; PDO::quote() yields false when the driver
 *               does not support quoting, so check before concatenating.
 *
 * @see http://php.net/manual/en/pdo.quote.php
 */
public function quote($value, $parameter_type = PDO::PARAM_STR)
{
    $quoted = $this->pdo->quote($value, $parameter_type);

    return $quoted;
}