Using mysql's INTERVAL with prepared statement
I prepare my DB request for prevent SQL injection with the extension Mysqlnd. A request like this work on my site :
SELECT a, b FROM table where a = ?;
This next request doesn't work on my site:
SELECT a, b FROM table where b > DATE_SUB(CURRENT_TIMESTAMP(),INTERVAL ? ?);
Error log : PHP Fatal error: Call to a member function execute() on a non-object in ..." This is because the syntax of the request is wrong.
When I try it in my DB IDE, the double question mark count as one and not as 2 parameters.
How can I resolve this problem ?
With a placeholder, you can bind only data literals, in other words - strings and numbers.
INTERVAL accepts two arguments, expression and unit.
While the expression part is a number and can be bound all right, the unit part is a keyword and therefore cannot be bound. So you can only whitelist it. Here is a white-listing function I wrote that could help with the matter.
$unit = white_list($_GET['unit'], ["DAY","MINUTE","SECOND"], "Invalid time unit name");
$sql = "SELECT a, b FROM table where b > DATE_SUB(CURRENT_TIMESTAMP(),INTERVAL ? $unit)";
it is not very tidy but at least concise and safe.
- Modify string from one column before inserting into another
- Check if a Category contains any products that are on sale in WooCommerce?
- Symfony / Doctrine - Display products from database by category children and parent
- Innacurate query with LIKE statement
- Drupal 6: replace jquery version on single page
- Laravel - CNAME + Subdomain Routing
- Sonata admin PRE_SUBMIT form event makes admin twig variable null
- WooCommerce custom Loop - Attribute filters not working
- Add class whenever a WordPress category is displayed
- Import an Excel file using AJAX and Laravel
- Child function which calls parent abstract function?
- Laravel Middleware error: Argument #1 ($content) must be of type ?string, Illuminate\Routing\Redirector given
- Update association with doctrine and Symfony 2.7
- Not displaying the .success element after submitting the form
- PHP and SQL Shopping Cart is Not Adding Products to Shopping Cart
- Remove non-utf8 characters from string
- Laravel 5 error SQLSTATE[HY000] [1045] Access denied for user 'homestead'@'localhost' (using password: YES)
- How can I get a database running on Symfony
- Laravel: Auth::user()->id trying to get a property of a non-object
- How to create custom helper functions in Laravel
- How to execute some code BEFORE logout in WordPress
- multiple image upload issue while editing images in codeigniter php
- Symfony 7.0 AssetMapper: JS Files Only Load on Initial Page Load or After F5 Refresh
- Twilio TaskRouter: Need Help in Conference Call
- Wordpress - No value for custom post type column
- How to add/update custom cart item data in the cart page
- Laravel Filament library magic
- curl error 28 for composer update/install laravel
- Xpath reverse searching
- PHP Scrape nested pages