 Post subject: Parameterized Queries
Posted: Tue Nov 21, 2017 2:29 am
Sorry if this has been asked before. I couldn't find a similar question in search.

I'd like to know how to do parameterized queries. I am getting a 'Data passed to CMSMS\Database\Statement::Bind must be an associative array' error when trying with the following code:

Code:
        $sql = <<<EOT
select @last_paid_snapshot_id := max(snapshot_id) from ark_voter_ledger where amount < 0 and voter_address = :addressLastSnapshot;
select SQL_CALC_FOUND_ROWS
    l.id,
    l.voter_address,
    l.amount, l.description,
    l.ledger_date,
    l.entered_by,
    l.snapshot_id,
    s.block_id,
    s.forged_ark,
    @b := @b + amount as running_balance
from
    (select @b := 0.0) as dummy
cross join
    ark_voter_ledger l
join
    ark_snapshot s
on
    s.id = l.snapshot_id
where
    voter_address = :address
and
    l.snapshot_id > @last_paid_snapshot_id
and
    l.amount > 0;
EOT;
        $db = \cms_utils::get_db();
        $stmt = $db->Prepare($sql);
        $parameters = array(':addressLastSnapshot'=>$this->wallet_address, ':address'=>$this->wallet_address);
        $stmt->Bind($parameters);
        $this->_rs = $stmt->Execute();


I've tried with ? syntax as well as just hard-coding the values in $parameters. I'd really like to make sure my module is not subject to sql injection. Please help :)


 Post subject: Re: Parameterized Queries
Posted: Tue Nov 21, 2017 4:20 pm
Disregard. This is a result of me being a noob with ADOdb.

1. Multiple statements aren't supported. I had to use two queries.
2. I had to use the ? syntax with Execute($sql, array(x,y));
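
The two-query approach described in the reply above, as an added example that is not the poster's actual code. It assumes the CMSMS database object from `\cms_utils::get_db()` with ADOdb-style `GetOne()` and `Execute()`; the function name `load_unpaid_ledger` and the fallback to snapshot 0 are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names are
// taken from the question; load_unpaid_ledger() is a hypothetical helper.

function load_unpaid_ledger($db, $wallet_address)
{
    // Query 1: a single statement per call, value bound through a ?
    // placeholder instead of being concatenated into the SQL text.
    $lastPaid = $db->GetOne(
        'select max(snapshot_id) from ark_voter_ledger
          where amount < 0 and voter_address = ?',
        array($wallet_address)
    );
    // Assumption: a voter with no payout row yet starts from snapshot 0.
    // max() yields NULL in that case, and "snapshot_id > NULL" matches nothing.
    $lastPaid = ($lastPaid === null || $lastPaid === false) ? 0 : (int) $lastPaid;

    // Query 2: the former @last_paid_snapshot_id session variable becomes
    // an ordinary bound parameter, so no multi-statement string is needed.
    $sql = <<<EOT
select SQL_CALC_FOUND_ROWS
    l.id, l.voter_address, l.amount, l.description, l.ledger_date,
    l.entered_by, l.snapshot_id, s.block_id, s.forged_ark,
    @b := @b + l.amount as running_balance
from (select @b := 0.0) as dummy
cross join ark_voter_ledger l
join ark_snapshot s on s.id = l.snapshot_id
where l.voter_address = ?
  and l.snapshot_id > ?
  and l.amount > 0
EOT;

    // Placeholders are positional: the array order must match the ? order.
    return $db->Execute($sql, array($wallet_address, $lastPaid));
}

// Usage inside the module (names from the question):
// $this->_rs = load_unpaid_ledger(\cms_utils::get_db(), $this->wallet_address);
```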

