mariadb error syntax $query .= " ORDER BY s.first_name, s.last_name LIMIT ? OFFSET ?"

titotettey

New member
// Add sorting and pagination
$query .= " ORDER BY s.first_name, s.last_name LIMIT ? OFFSET ?";
$params = array_merge($params, [$perPage, $offset]);
$types .= 'ii';
// Get students
$stmt = $pdo->prepare($query);
$stmt->execute($params);
$students = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
If $perPage or $offset are not integers, the SQL execution may fail or return incorrect results.
Also, if the SQL query is not properly constructed before execution, it could lead to SQL injection.

Try this:
PHP:
// Validate perPage and offset
$perPage = isset($perPage) && is_numeric($perPage) ? (int)$perPage : 10; // Default to 10 if not set
$offset = isset($offset) && is_numeric($offset) ? (int)$offset : 0; // Default to 0 if not set

// Add sorting and pagination
$query .= " ORDER BY s.first_name, s.last_name LIMIT ? OFFSET ?";
$params = array_merge($params, [$perPage, $offset]);
$types .= 'ii';

// Get students
$stmt = $pdo->prepare($query);
$stmt->execute($params);
$students = $stmt->fetchAll(PDO::FETCH_ASSOC);
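
With the MySQL/MariaDB PDO driver's default emulated prepares, values passed through execute($params) are sent as quoted strings, so the server sees LIMIT '10' OFFSET '0' and reports a syntax error; binding them with PDO::PARAM_INT avoids that. The following is an added example, not code from the thread, that clamps the paging values and binds them as integers. Assumptions: the helper names pagingInt and fetchPage, MAX_PER_PAGE, the students table with its class column, and the in-memory SQLite database, which is used only so the demo runs offline.

```php
<?php
// Added example: helper names, schema and sample rows are constructed.
declare(strict_types=1);

const MAX_PER_PAGE = 100; // assumed upper bound on page size

/** Clamp untrusted paging input to a safe integer range. */
function pagingInt(mixed $raw, int $default, int $min, int $max): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? $default : max($min, min($max, $value));
}

/** Append ORDER BY / LIMIT / OFFSET and bind integers as PDO::PARAM_INT. */
function fetchPage(PDO $pdo, string $query, array $params, mixed $perPage, mixed $offset): array
{
    $query .= " ORDER BY s.first_name, s.last_name LIMIT ? OFFSET ?";
    $params[] = pagingInt($perPage, 10, 1, MAX_PER_PAGE);
    $params[] = pagingInt($offset, 0, 0, PHP_INT_MAX);

    $stmt = $pdo->prepare($query);
    foreach (array_values($params) as $i => $value) {
        // Positional placeholders are 1-indexed. Integers must be typed
        // explicitly, otherwise emulated prepares quote them as strings.
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i + 1, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data on in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE students (first_name TEXT, last_name TEXT, class TEXT)");
$ins = $pdo->prepare("INSERT INTO students VALUES (?, ?, ?)");
foreach ([['Ama', 'Boateng', 'A'], ['Kofi', 'Mensah', 'A'],
          ['Esi', 'Owusu', 'B'], ['Yaw', 'Addo', 'A']] as $row) {
    $ins->execute($row);
}

$query = "SELECT s.first_name, s.last_name FROM students s WHERE s.class = ?";
// A non-integer perPage falls back to the default instead of reaching SQL.
$rows = fetchPage($pdo, $query, ['A'], '2; DROP TABLE students', '1');
print_r($rows);
```

Setting PDO::ATTR_EMULATE_PREPARES to false on the MariaDB connection is the other common way to make placeholders in LIMIT and OFFSET work.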