Steps to reproduce the bug:
- Create query string with WHERE clause containing LIKE.
- The argument passed to the LIKE condition is a named placeholder.
- The LIKE condition contains the % wildcard leading and trailing the value.
- The value is escaped with $injected_database->escapeLike() (NOTE: The InvalidArgumentException is still thrown if I don't escape the value)
- The value is a string of three numbers including: "000", "005", "123"
What behaviour I'm expecting:
- $injected_database->query($queryString, [':param' => '%' . $injected_database->escapeLike($search) . '%']);
will replace all instances in $queryString where ':param' exists with: '%123%' assuming $search = "123";
What happened instead:
Uncaught PHP Exception InvalidArgumentException: "$string ("") must be a string." at /core/lib/Drupal/Core/StringTranslation/TranslatableMarkup.php line 132
Postponed: needs info
9.5
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
ARe you sure this has actual results?
->condition('p.id', $pnoQuery, 'IN')
->condition('o.id', $oeQuery, 'IN');
ie if $pnoQuery or $oeQuery are empty, this will likely error. You should check they're not empty before adding the conditions.