I am building the site and planning on implementing OpenID. I can get an OpenID URL back from Google, but Doctrine appears to do funny things with URLs in the where clause of my query. How can I fix that?
Here is the function
/* This function queries docrtrine for a user OpenID URL
* and returns the user object.
*/
function getUserByUserOpenIDURL ($userOpenIDURL) {
$q = Doctrine_Query::create()
->select('*')
->from('jsgUserOpenID as u')
->where('openid_url = ' . $userOpenIDURL);
return $q->fetchOne();
}
Here is the error from the page
Fatal error: Uncaught exception ‘Doctrine_Exception’ with message ‘Couldn’t find class www’ in /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Table.php:299 Stack trace: #0 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Table.php(256): Doctrine_Table->initDefinition() #1 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Connection.php(1126): Doctrine_Table->__construct(‘www’, Object(Doctrine_Connection_Mysql), true) #2 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Query.php(1934): Doctrine_Connection->getTable(‘www’) #3 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Query.php(1732): Doctrine_Query->loadRoot(‘www’, ‘www’) #4 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Query.php(713): Doctrine_Query->load(‘www.google’) #5 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Query/Where.php(121): Doctrine_Query->parseClause(‘https://www.goo…’) #6 /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Query/Where.php(81): Doctrine_Query_Where->_buildSql(‘openid_url’, ‘=’, ‘https://www.goo.. in /Library/WebServer/Documents/ResearchPM/lib/Doctrine/Table.php on line 299
Youre not escaping variables appropiately.
There is two methods, by named or positional wildcards:
Or
This properly escapes the variables you’re inserting, and makes your app secure against sql-injection