Doctrine querybuilder not working for my SQL statement in PHP

Question

Please forgive me, I am fairly new to programming.

Basically, I am trying to run a SQL statement without making it susceptible to SQL Injections

I tried running my code but it is having issues here:

$manager = this->getDoctrine()->getManager();
$builder = $manager->getRepository('AppBundle:User')->createQueryBuilder('u');
$builder->select('*')
        ->from('home_users', 'u')
        ->where(u.username LIKE :pattern');
$query = $builders->getQuery();
$query->setParameter('pattern', "%pattern%");
$users = $query->getResult();

I am trying to use the Doctrine QueryBuilder in this guideline: https://www.doctrine-project.org/projects/doctrine-orm/en/2.7/reference/query-builder.html

Any help will be much appreciated

Answer 1

• For Your Solution

  $pattern ="You pattern her";
  
  $manager      = this->getDoctrine()->getManager();
  $userRepo     = $manager->getRepository('AppBundle:User');
  $queryBuilder = $userRepo->createQueryBuilder('u');
  
  $queryBuilder->select('u')
        ->where('u.username LIKE :pattern')
        ->setParameter('pattern', '%'.$pattern.'%');
  
  $users = $queryBuilder->getQuery()->getResult();
  

• You can do a little bit improvement for Evolution Reutilisation , Clean code & Best practices

1. In UserRepository

    public function findUsersLikePattern(string $pattern = null)
    {
        $queryBuilder = $this->createQueryBuilder('u')
                              ->select('u');
   
        if ($pattern) {
            $queryBuilder
                ->where('u.username LIKE :pattern')
                ->setParameter('pattern', '%' . $pattern . '%');
   
        }
   
        return $queryBuilder->getQuery()->getResult();
   
    }
   

2. in controller

    $pattern ="You pattern her";
   
    $manager    = this->getDoctrine()->getManager();
    $users     = $manager->getRepository('AppBundle:User')->findUsersLikePattern($pattern);