I wonder what's the correct way of finding objects from the database?
I know there's
$em->find()
$em->createQuery()
I guess createQuery will be more like prepared statements, thus more secure?
How do I set named parameters in DQL?
$em->createQuery('select u from \Entities\Users u WHERE u.name = :name');
I think I found the answer here:
$query = $em->createQuery('SELECT COUNT(a.id) FROM CmsUser u LEFT JOIN u.articles a WHERE u.username = ?1 GROUP BY u.id');
$query->setParameter(1, 'jwage');
$numArticles = $query->getResult(Query::HYDRATE_SINGLE_SCALAR);
setParameter()
I wonder though if find() does escape values?
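The named-parameter form of the lookups asked about above, as an added example that is not part of the original post: it contrasts a concatenated DQL string with a bound `:name` parameter and shows that `find()` and `findBy()` also pass values as bound parameters. It assumes `$em` is an already configured Doctrine EntityManager and that `Entities\Users` is mapped with an `id` identifier and a `name` field; the function names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumptions: $em is a configured Doctrine ORM EntityManager, and
// Entities\Users (the entity named in the question) has "id" and "name".

use Doctrine\ORM\EntityManagerInterface;

// Unsafe: $name is pasted into the DQL text, so the DQL parser treats
// whatever it contains as query syntax rather than as a value.
function findUsersByNameConcatenated(EntityManagerInterface $em, string $name): array
{
    $dql = 'SELECT u FROM Entities\Users u WHERE u.name = \'' . $name . '\'';
    return $em->createQuery($dql)->getResult();
}

// Safe: the DQL text is constant; :name is bound by key (no leading colon)
// and reaches the database driver as a prepared-statement parameter.
function findUsersByName(EntityManagerInterface $em, string $name): array
{
    return $em->createQuery('SELECT u FROM Entities\Users u WHERE u.name = :name')
        ->setParameter('name', $name)
        ->getResult();
}

// find() looks up by identifier. Doctrine generates the SQL itself and
// binds $id as a parameter, so the caller does no escaping.
function findUserById(EntityManagerInterface $em, int $id): ?object
{
    return $em->find('Entities\Users', $id);
}

// Repository criteria lookups bind their values the same way.
function findUsersByNameViaRepository(EntityManagerInterface $em, string $name): array
{
    return $em->getRepository('Entities\Users')->findBy(['name' => $name]);
}
```

Only values can be bound this way; entity names, field names and ORDER BY directions are part of the DQL text and need an allow-list if they come from user input.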