Parameterized Queries
Posted: Tue Nov 21, 2017 2:29 am
				
				Sorry if this has been asked before. I couldn't find a similar question in search.
I'd like to know how to do parameterized queries. I've tried with ? syntax as well as just hard-coding the values in $parameters. I'd really like to make sure my module is not subject to SQL injection. Please help.
I am getting a 'Data passed to CMSMS\Database\Statement::Bind must be an associative array' error when trying with the following code:
        $sql = <<<EOT
select @last_paid_snapshot_id := max(snapshot_id) from ark_voter_ledger where amount < 0 and voter_address = :addressLastSnapshot;
select SQL_CALC_FOUND_ROWS
    l.id,
    l.voter_address,
    l.amount, l.description,
    l.ledger_date,
    l.entered_by,
    l.snapshot_id,
    s.block_id,
    s.forged_ark,
    @b := @b + amount as running_balance
from
    (select @b := 0.0) as dummy
cross join
    ark_voter_ledger l
join
    ark_snapshot s
on
    s.id = l.snapshot_id
where
    voter_address = :address
and
    l.snapshot_id > @last_paid_snapshot_id
and
    l.amount > 0;
EOT;
        $db = \cms_utils::get_db();
        $stmt = $db->Prepare($sql);
        $parameters = array(':addressLastSnapshot'=>$this->wallet_address, ':address'=>$this->wallet_address);
        $stmt->Bind($parameters);
        $this->_rs = $stmt->Execute();
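As an added example (not the poster's code and not the CMSMS\Database API), the same two queries written with standard PHP PDO prepared statements, run as two separate statements on one connection so the MySQL user variable set by the first is visible to the second; `$pdo` is an assumed, already-open PDO connection to the same database.

```php
<?php
// Added example: plain PHP PDO, not the CMSMS\Database wrapper.
// Assumes $pdo is an existing PDO connection to the same MySQL database.
function fetchUnpaidLedger(PDO $pdo, string $walletAddress): array
{
    // Statement 1: store the last paid snapshot id in a MySQL user variable.
    // The variable belongs to this connection, so statement 2 can read it
    // as long as both statements run over the same $pdo.
    $stmt = $pdo->prepare(
        'SELECT @last_paid_snapshot_id := MAX(snapshot_id)
           FROM ark_voter_ledger
          WHERE amount < 0 AND voter_address = :address'
    );
    $stmt->execute([':address' => $walletAddress]);
    $stmt->closeCursor();

    // Statement 2: ledger rows since that snapshot, with a running balance.
    // The wallet address is bound as a parameter and never spliced into the
    // SQL text, so user input cannot change the statement's structure.
    $stmt = $pdo->prepare(
        'SELECT l.id, l.voter_address, l.amount, l.description, l.ledger_date,
                l.entered_by, l.snapshot_id, s.block_id, s.forged_ark,
                @b := @b + l.amount AS running_balance
           FROM (SELECT @b := 0.0) AS dummy
          CROSS JOIN ark_voter_ledger l
           JOIN ark_snapshot s ON s.id = l.snapshot_id
          WHERE l.voter_address = :address
            AND l.snapshot_id > @last_paid_snapshot_id
            AND l.amount > 0'
    );
    $stmt->execute([':address' => $walletAddress]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Each prepared statement uses the `:address` placeholder exactly once, which also avoids driver restrictions on repeating a named placeholder within a single statement.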