Replace raw query with named parameter

Fix possible issue with special chars on #3139

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>

diff --git a/app/DoctrineMigrations/Version20170719231144.php b/app/DoctrineMigrations/Version20170719231144.php
index 0c749150789378417fecfbb91638b7fe49026df0..265b539a88a50e7199af9defabc0438d693d6ce5 100644 (file)
--- a/app/DoctrineMigrations/Version20170719231144.php
+++ b/app/DoctrineMigrations/Version20170719231144.php
@@ -42,12 +42,13 @@ class Version20170719231144 extends AbstractMigration implements ContainerAwareI
             $label = $duplicates['LOWER(label)'];
 
             // Retrieve all duplicate tags for a given tag
-            $tags = $this->connection->query('
+            $tags = $this->connection->createQuery('
                 SELECT id
                 FROM   ' . $this->getTable('tag') . "
-                WHERE  LOWER(label) = '" . $label . "'
+                WHERE  LOWER(label) = :label
                 ORDER BY id ASC"
             );
+            $tags->setParameter('label', $label);
             $tags->execute();
 
             $first = true;