Parameterized Queries

bnickel
New Member
Posts: 2
Joined: Tue Nov 21, 2017 2:21 am

Parameterized Queries

Post by bnickel »

Sorry if this has been asked before. I couldn't find a similar question in search.

I'd like to know how to do parameterized queries. I am getting a 'Data passed to CMSMS\Database\Statement::Bind must be an associative array' error when trying with the following code:


        $sql = <<<EOT
select @last_paid_snapshot_id := max(snapshot_id) from ark_voter_ledger where amount < 0 and voter_address = :addressLastSnapshot;
select SQL_CALC_FOUND_ROWS
    l.id,
    l.voter_address,
    l.amount, l.description,
    l.ledger_date,
    l.entered_by,
    l.snapshot_id,
    s.block_id,
    s.forged_ark,
    @b := @b + amount as running_balance
from
    (select @b := 0.0) as dummy
cross join
    ark_voter_ledger l
join
    ark_snapshot s
on
    s.id = l.snapshot_id
where
    voter_address = :address
and
    l.snapshot_id > @last_paid_snapshot_id
and
    l.amount > 0;
EOT;
        $db = \cms_utils::get_db();
        $stmt = $db->Prepare($sql);
        $parameters = array(':addressLastSnapshot'=>$this->wallet_address, ':address'=>$this->wallet_address);
        $stmt->Bind($parameters);
        $this->_rs = $stmt->Execute();
I've tried with ? syntax as well as just hard-coding the values in $parameters. I'd really like to make sure my module is not subject to SQL injection. Please help :)
bnickel
New Member
Posts: 2
Joined: Tue Nov 21, 2017 2:21 am

Re: Parameterized Queries

Post by bnickel »

Disregard. This is a result of me being a noob with ADOdb.

1. Multiple statements aren't supported. I had to use two queries.
2. I had to use the ? syntax with Execute($sql, array(x,y));
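For readers landing here with the same error, the two-query, "?"-placeholder form that the reply describes, written out as an added example (this is not the poster's code). It assumes CMSMS's \cms_utils::get_db() and the ADOdb-style Execute($sql, array(...)) call from the thread, plus a GetOne($sql, array(...)) helper that is assumed to be available; table and column names are the thread's own.

```php
<?php
// Added example, not the poster's code. Assumes CMSMS's \cms_utils::get_db()
// returning an ADOdb-style connection with Execute($sql, $params) (as in the
// thread) and GetOne($sql, $params) (assumed available). Each call carries a
// single statement, and every user-supplied value goes through a "?" bind so
// it is sent as data rather than spliced into the SQL text.

function get_unpaid_ledger_rows($db, $wallet_address)
{
    // Query 1: the highest snapshot id that has already been paid for this
    // wallet (the @last_paid_snapshot_id assignment from the original, now a
    // separate statement whose result is held in PHP instead of a session var).
    $last_paid = $db->GetOne(
        'SELECT MAX(snapshot_id) FROM ark_voter_ledger '
        . 'WHERE amount < 0 AND voter_address = ?',
        array($wallet_address)
    );
    // No payout yet: use 0 so the second query returns every positive entry.
    $last_paid = ($last_paid === null || $last_paid === false) ? 0 : (int) $last_paid;

    // Query 2: the ledger rows newer than that snapshot, with the running
    // balance. The @b variable stays, since it lives entirely inside this one
    // statement. ORDER BY is added because a running balance is only
    // meaningful over a defined row order.
    $sql = <<<'SQL'
SELECT l.id, l.voter_address, l.amount, l.description, l.ledger_date,
       l.entered_by, l.snapshot_id, s.block_id, s.forged_ark,
       @b := @b + l.amount AS running_balance
FROM (SELECT @b := 0.0) AS dummy
CROSS JOIN ark_voter_ledger l
JOIN ark_snapshot s ON s.id = l.snapshot_id
WHERE l.voter_address = ?
  AND l.snapshot_id > ?
  AND l.amount > 0
ORDER BY l.id
SQL;
    // Placeholders are positional: array order must match the order of the "?"s.
    return $db->Execute($sql, array($wallet_address, $last_paid));
}

// Usage from module code (hypothetical wallet address, constructed for the example):
$db = \cms_utils::get_db();
$rs = get_unpaid_ledger_rows($db, 'AExampleWalletAddress000000000000000');
```

The SQL_CALC_FOUND_ROWS modifier from the original is left out here; add it back on the second SELECT if the module still needs the row count.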