I currently have:
    $subQuery = $dbo->buildStatement(
        array(
            'fields' => array(
                "CASE
                    WHEN
                        Application.program_type_id = 3
                        AND Application.program_type_id IS NOT NULL
                    THEN {$keys['program_type_id_program_type_id']}
                    ELSE 0
                END as program_type_score,
                CASE
                    WHEN
                        Application.priority_subject_area_id = 1
                        AND Application.priority_subject_area_id IS NOT NULL
                    THEN {$keys['priority_subject_area_id_priority_subject_area_id']}
                    ELSE 0
                END as priority_subject_area_priority_subject_area_score,
                User.*"
            ),
            'table' => $dbo->fullTableName($this),
            'alias' => 'User',
            'limit' => null,
            'offset' => null,
            'joins' => $joins,
            'conditions' => array(
                'Application.state' => 'accepted',
                'Role.role' => 'mentor'
            ),
            'order' => null,
            'group' => null
        ),
        $this->User
    );
I need to change the case statements from this:
    CASE
        WHEN
            Application.program_type_id = 3
            AND Application.program_type_id IS NOT NULL
        THEN {$keys['program_type_id_program_type_id']}
        ELSE 0
    END as program_type_score
to this:
    CASE
        WHEN
            Application.program_type_id = $user['User']['value']
            AND Application.program_type_id IS NOT NULL
        THEN {$keys['program_type_id_program_type_id']}
        ELSE 0
    END as program_type_score
How do I escape $user['User']['value']? Would Sanitize::escape() work? However, it is already deprecated.
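Added example, not part of the original post: the same CASE expression with the user-supplied value validated as an integer and bound as a parameter, shown with plain PDO on in-memory SQLite rather than CakePHP's buildStatement(). The table, its rows, the `scoreApplications()` helper and the weight of 10 are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows, plain PDO with in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, program_type_id INTEGER, state TEXT)');
$pdo->exec("INSERT INTO applications (program_type_id, state) VALUES (3, 'accepted'), (5, 'accepted'), (NULL, 'accepted')");

// Score each application against a caller-supplied program type (hypothetical helper).
// $weight stands in for $keys['program_type_id_program_type_id'] from the post.
function scoreApplications(PDO $pdo, $programTypeId, $weight)
{
    // Reject anything that is not a plain integer before it gets near the SQL.
    $id = filter_var($programTypeId, FILTER_VALIDATE_INT);
    $w = filter_var($weight, FILTER_VALIDATE_INT);
    if ($id === false || $w === false) {
        throw new InvalidArgumentException('program type id and weight must be integers');
    }
    // Placeholders are allowed inside the select list, so the CASE values are bound too.
    $sql = 'SELECT id,
                   CASE WHEN program_type_id = :type_id
                             AND program_type_id IS NOT NULL
                        THEN :weight ELSE 0 END AS program_type_score
            FROM applications
            WHERE state = :state
            ORDER BY id';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':type_id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':weight', $w, PDO::PARAM_INT);
    $stmt->bindValue(':state', 'accepted', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input in the shape of $user['User']['value'].
$user = array('User' => array('value' => '3'));
foreach (scoreApplications($pdo, $user['User']['value'], 10) as $row) {
    echo $row['id'], ' => ', $row['program_type_score'], PHP_EOL;
}

// A non-integer value is rejected instead of being spliced into the CASE expression.
try {
    scoreApplications($pdo, '3 OR 1=1', 10);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Where the value has to be interpolated into a string handed to buildStatement(), CakePHP 2.x's DboSource exposes `value()` on the `$dbo` object for quoting a single value through the active datasource.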