5

Symfony version(s) affected: ~4.0

Description: I am using Laravel (5.6.*) and wrote a simple Eloquent query as follows.

$query = "something";
$products = Product::
where('title', $query)
->paginate($limit);

But I get "Object of class Symfony\Component\HttpFoundation\ParameterBag could not be converted to string".

Yesterday it was working perfectly fine, and today I don't know what happened. Please help me with this. I am providing simple search functionality using that query.

Please check the screenshot for more information.

Update

Please look at the new code; still no luck with that.

function get(Request $request) {
        $limit = 10;
        $query = "";
        if ($request->has('limit')) {
            $limit = $request->limit;
        }
        if ($request->has('query')) {
            $query = $request->query;
        }

        $products = Product::
                where('title','like', '%'.$query.'%')
                ->orWhere('variant_title', 'like', '%'.$query.'%')
                ->orWhere('variant_sku', 'like', '%'.$query.'%')
                ->orWhere('tags', 'like', '%'.$query.'%')
                ->paginate($limit);


        $products = $products->withPath('/products');
        return $products;
    }
Milind Patel

2 Answers

21

Oh man, after lots of hours of debugging I finally found that you cannot use the "query" key for your request, as it is used in the package.

I feel like they should mention the parameters they use in classes.

So the final code would be like this:

function get(Request $request) {
    $limit = 10;
    $str = "";
    if ($request->has('limit')) {
        $limit = $request->limit;
    }
    if ($request->has('str')) {
        $str = $request->str;
    }

    $products = Product::
            where('title','like', '%'.$str.'%')
            ->orWhere('variant_title', 'like', '%'.$str.'%')
            ->orWhere('variant_sku', 'like', '%'.$str.'%')
            ->orWhere('tags', 'like', '%'.$str.'%')
            ->paginate($limit);


    $products = $products->withPath('/products');
    return $products;
}
Milind Patel
  • I bet this query is now vulnerable to SQL injection attack. You should use prepared statements - https://www.doctrine-project.org/projects/doctrine-orm/en/2.6/reference/query-builder.html#binding-parameters-to-your-query – dmnptr Jun 29 '18 at 17:40
2

It looks like your $query is not a string but an object of class Symfony\Component\HttpFoundation\ParameterBag. Is it coming from Request? Try to get the value from it, something like:

$queryValue = $query->get('value_field_name');
dmnptr
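
An added example, not code from either answer: a version of the get() action that keeps the "query" parameter name by reading it with $request->input('query') instead of the $request->query property (Symfony's public ParameterBag), and validates both inputs before they reach the query builder. The controller name, the App\Product namespace, the 100-row cap, the 100-character term limit and MySQL's default backslash LIKE escape are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Product;              // assumed model namespace (Laravel 5.6 default layout)
use Illuminate\Http\Request;

class ProductController extends Controller   // hypothetical controller name
{
    public function get(Request $request)
    {
        // Reject anything that is not a bounded integer / short string.
        // An array such as ?query[]=a fails the "string" rule here instead of
        // reaching string concatenation further down.
        $request->validate([
            'limit' => 'sometimes|integer|min:1|max:100',     // assumed cap
            'query' => 'sometimes|nullable|string|max:100',   // assumed cap
        ]);

        $limit = (int) $request->input('limit', 10);

        // $request->query is a real public property (the query-string
        // ParameterBag), so Laravel's magic input accessor never runs for it.
        // input('query') returns the submitted value itself.
        $term = (string) $request->input('query', '');

        // Escape LIKE metacharacters so a typed "%" or "_" matches literally.
        // Assumes the database uses backslash as the LIKE escape (MySQL default).
        $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
        $like = '%' . $escaped . '%';

        // The builder sends $like as a bound parameter; it is not spliced
        // into the SQL text.
        $products = Product::where('title', 'like', $like)
            ->orWhere('variant_title', 'like', $like)
            ->orWhere('variant_sku', 'like', $like)
            ->orWhere('tags', 'like', $like)
            ->paginate($limit);

        return $products->withPath('/products');
    }
}
```

Capping limit matters because paginate() uses it as the page size, so an unbounded client-supplied value lets one request pull an arbitrarily large result set.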