As you needed to rewrite the query, isn't in an opportunity to remove the injection of the ids in the query and use params in execute()? Even though categ_ids are supposed to be safe here, the correct way is to use the query parameters.
« Back to merge proposal
As you needed to rewrite the query, isn't in an opportunity to remove the injection of the ids in the query and use params in execute()? Even though categ_ids are supposed to be safe here, the correct way is to use the query parameters.