I currently have:
    $subQuery = $dbo->buildStatement(
        array(
            'fields' => array(
                "CASE
                    WHEN
                        Application.program_type_id = 3
                        AND Application.program_type_id IS NOT NULL
                    THEN {$keys['program_type_id_program_type_id']}
                    ELSE 0
                END as program_type_score,
                CASE
                    WHEN
                        Application.priority_subject_area_id = 1
                        AND Application.priority_subject_area_id IS NOT NULL
                    THEN {$keys['priority_subject_area_id_priority_subject_area_id']}
                    ELSE 0
                END as priority_subject_area_priority_subject_area_score,
                User.*"
            ),
            'table' => $dbo->fullTableName($this),
            'alias' => 'User',
            'limit' => null,
            'offset' => null,
            'joins' => $joins,
            'conditions' => array(
                'Application.state' => 'accepted',
                'Role.role' => 'mentor'
            ),
            'order' => null,
            'group' => null
        ),
        $this->User
    );
I need to change the case statements from this:
    CASE
        WHEN
            Application.program_type_id = 3
            AND Application.program_type_id IS NOT NULL
        THEN {$keys['program_type_id_program_type_id']}
        ELSE 0
    END as program_type_score
to this:
    CASE
        WHEN
            Application.program_type_id = $user['User']['value']
            AND Application.program_type_id IS NOT NULL
        THEN {$keys['program_type_id_program_type_id']}
        ELSE 0
    END as program_type_score
How do I escape $user['User']['value']? Would Sanitize::escape() work? However, it is already deprecated.
I use the single quotes in PHP so the way I would do this would be:
    'CASE
        WHEN
            Application.program_type_id = ' . $user['User']['value'] . '
            AND Application.program_type_id IS NOT NULL
        THEN ' . $keys['program_type_id_program_type_id'] . '
        ELSE 0
    END as program_type_score'
and you should be done.
One of the reasons I prefer the single quotes. Sometimes an itsy-bitsy bit more work, but usually no worry about escaping things. At least as long as you don't mix HTML with JavaScript using PHP variables. Then it always gets messy.
Hope that helps.
It seems that CakePHP does the escaping by itself on the find() method, as the docs say: http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html#sql-escaping
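
An added example, not part of the question or either answer: the 'fields' entries passed to buildStatement() are raw SQL text, so a value placed there is not covered by the escaping CakePHP applies to 'conditions'. One way to validate and quote the value before it reaches the CASE expression, assuming CakePHP 2.x's `DboSource::value()` and an integer `program_type_id`; the helper name `scoreCaseField()` is hypothetical.

```php
<?php
// Added example, not code from the posts above. Assumes CakePHP 2.x, where
// $dbo = $this->getDataSource() is a DboSource, and an integer id column.

/**
 * Build one "CASE ... END AS alias" entry for the 'fields' array.
 * Hypothetical helper: the name and signature are not part of CakePHP.
 *
 * @param DboSource $dbo   datasource that performs the escaping
 * @param string    $field hard-coded column name, never user input
 * @param mixed     $value untrusted value, e.g. $user['User']['value']
 * @param mixed     $score weight, e.g. $keys['program_type_id_program_type_id']
 * @param string    $alias hard-coded result alias, never user input
 * @return string SQL fragment
 * @throws InvalidArgumentException if $value or $score has the wrong type
 */
function scoreCaseField($dbo, $field, $value, $score, $alias) {
    // Reject anything that is not a plain integer id rather than cleaning it.
    $id = filter_var($value, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // The weight ends up in the SQL text as well, so it gets the same check.
    if (!is_numeric($score)) {
        throw new InvalidArgumentException('score must be numeric');
    }
    return sprintf(
        'CASE WHEN %1$s = %2$s AND %1$s IS NOT NULL THEN %3$s ELSE 0 END AS %4$s',
        $field,
        $dbo->value($id, 'integer'),     // DboSource quoting for the column type
        $dbo->value($score + 0, 'float'),
        $alias
    );
}

// Usage inside the model method from the question:
// $dbo = $this->getDataSource();
// 'fields' => array(
//     scoreCaseField($dbo, 'Application.program_type_id', $user['User']['value'],
//         $keys['program_type_id_program_type_id'], 'program_type_score'),
//     'User.*',
// ),
```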