DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Can't bind data in where clause (SQL error)

Can't bind data in where clause (SQL error)

Loulou90Loulou90 Posts: 11Questions: 4Answers: 0
edited April 2022 in Free community support

Hello,
I wanted to respond to this post but I can't.

https://datatables.net/forums/discussion/71655/where-bind-error-an-sql-error-occurred-sqlstate-hy093-invalid-parameter-number-number-of-bound

I have exactly the same problem except that I cannot use the last solution proposed by Allan because I send a data in POST

{fieldErrors: [],…}
cancelled: []
data: []
debug: [{,…}]
0: {,…}
bindings: [{name: ":file_name", value: "Abcd", type: null}]
query: "SELECT  ... WHERE `file_name` = `:file_name` "
error: "An SQL error occurred: SQLSTATE[42S22]: Column not found: 1054 Unknown column ''Abcd'' in 'where clause'",
fieldErrors: []
ipOpts: []

How can I do ?

Thanks you

Answers

  • allanallan Posts: 63,542Questions: 1Answers: 10,476 Site admin

    If it is sent as a POST parameter can you not just do:

    $q->where('users.title', $_POST['myparam']);

    ?

    Allan

  • Loulou90Loulou90 Posts: 11Questions: 4Answers: 0

    Hello,
    I prefer to avoid because I don't know what data a user can send and it is therefore to avoid sql injection attacks

    like you talk about here (https://editor.datatables.net/manual/php/conditions)

  • rf1234rf1234 Posts: 3,000Questions: 87Answers: 421

    In Allan's example binding isn't disabled. So the POST parameter will be bound by Editor automatically.

Sign In or Register to comment.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.