我目前有:
$subQuery = $dbo->buildStatement(
array(
'fields' => array(
"CASE
WHEN
Application.program_type_id = 3
AND Application.program_type_id IS NOT NULL
THEN {$keys['program_type_id_program_type_id']}
ELSE 0
END as program_type_score,
CASE
WHEN
Application.priority_subject_area_id = 1
AND Application.priority_subject_area_id IS NOT NULL
THEN {$keys['priority_subject_area_id_priority_subject_area_id']}
ELSE 0
END as priority_subject_area_priority_subject_area_score,
User.*"
),
'table' => $dbo->fullTableName($this),
'alias' => 'User',
'limit' => null,
'offset' => null,
'joins' => $joins,
'conditions' => array(
'Application.state' => 'accepted',
'Role.role' => 'mentor'
),
'order' => null,
'group' => null
),
$this->User
);
我需要更改案例陈述:
CASE
WHEN
Application.program_type_id = 3
AND Application.program_type_id IS NOT NULL
THEN {$keys['program_type_id_program_type_id']}
ELSE 0
END as program_type_score
到此:
CASE
WHEN
Application.program_type_id = $user['User']['value']
AND Application.program_type_id IS NOT NULL
THEN {$keys['program_type_id_program_type_id']}
ELSE 0
END as program_type_score
如何逃避$user['User']['value']
?将Sanitize :: escape()工作,但是,它已被弃用。
答案 0 :(得分:0)
我在php中使用单引号,所以我这样做的方式是:
'CASE
WHEN
Application.program_type_id = '.$user['User']['value'].'
AND Application.program_type_id IS NOT NULL
THEN {$keys['program_type_id_program_type_id']'}
ELSE 0
END as program_type_score'
enter code here
你应该完成。
我更喜欢单引号的原因之一。有时候会有更多的工作,但通常不用担心逃避事情。至少你不会使用PHP变量将HTML与Javascript混合使用。然后它总是很乱。
希望有所帮助。
答案 1 :(得分:0)
似乎CakePHP在find()
方法上自行逃避,正如文档所说:http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html#sql-escaping