ENGCOM-8022: Fix SQL query quoting/casting when type is passed to whe…

…re function #27980 - Merge Pull Request #27980 from tmotyl/magento2:fix_type_casting - Merged commits: 1. 0118d48 2. b8dd6b3 3. 6c41578 4. 4860f31 5. a103b64
magento · Sep 22, 2020 · 7948822 · 7948822
2 parents 390505a + a103b64
commit 7948822
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php b/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
@@ -21,6 +21,7 @@
 use Magento\Framework\DB\Query\Generator as QueryGenerator;
 use Magento\Framework\DB\Select;
 use Magento\Framework\DB\SelectFactory;
+use Magento\Framework\DB\Sql\Expression;
 use Magento\Framework\DB\Statement\Parameter;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Phrase;
@@ -1511,10 +1512,10 @@ public function select()
      * Method revrited for handle empty arrays in value param
      *
      * @param string $text The text with a placeholder.
-     * @param mixed $value The value to quote.
-     * @param string $type OPTIONAL SQL datatype
+     * @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+     * @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
      * @param integer $count OPTIONAL count of placeholders to replace
-     * @return string An SQL-safe quoted value placed into the orignal text.
+     * @return string An SQL-safe quoted value placed into the original text.
      */
     public function quoteInto($text, $value, $type = null, $count = null)
     {

diff --git a/lib/internal/Magento/Framework/DB/Select.php b/lib/internal/Magento/Framework/DB/Select.php
@@ -7,6 +7,7 @@
 
 use Magento\Framework\App\ResourceConnection;
 use Magento\Framework\DB\Adapter\AdapterInterface;
+use Magento\Framework\DB\Sql\Expression;
 
 /**
  * Class for SQL SELECT generation and results.
@@ -108,8 +109,8 @@ public function __construct(
      * </code>
      *
      * @param string $cond The WHERE condition.
-     * @param string|array|null $value OPTIONAL An optional single or array value to quote into the condition.
-     * @param string|int|null $type OPTIONAL The type of the given value
+     * @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+     * @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
      * @return \Magento\Framework\DB\Select
      */
     public function where($cond, $value = null, $type = null)