
Yup... it's one of these.

Well, I am currently working on something that we can call a social network. I am using the Slim Framework with PDO and it's my very first job as well as my very first project. So, the problem is that I have a string in my Controller, and I want to pass it on to the model, but after it goes to the model (I've tested with print_r to see if it does pass, and it does) the bindParam doesn't seem to put it in the query.

The function would be this one:

    public static function obterTagsDasPessoas($ids)
    {
        $container = getContainer();
        $query = $container->db->prepare("SELECT * FROM Pessoas_tags WHERE :ids");
        $query->bindParam(':ids', $ids, PDO::PARAM_STR);
        $query->execute();

        $result = $query->fetchAll();
        return $result;
    }

I've tried changing to bindValue, since I saw that it is better for text. I don't know what's happening because it doesn't give any errors; it just doesn't seem to apply that bindParam and then proceeds. Inside the $ids is id_Pessoas = 1 OR id_Pessoas = 4, which should complement the query up there. I've tried copying it to phpMyAdmin and MySQL and it gives me the expected results; it just doesn't work with that function.

Am I doing anything wrong? Thanks in advance.

Bruno Dias
  • Is `$ids` an array? Or a string? – Nima Jul 08 '18 at 12:07
  • Right now it's a string, but it was generated from an array. I got ids from a table and generated a string that would give me something like "id_Pessoas = 1 OR id_Pessoas = 2 OR id_Pessoas = 3" depending on the number of ids. – Bruno Dias Jul 08 '18 at 12:19
  • You can use `WHERE IN` instead. – Nima Jul 08 '18 at 12:21
  • That's what kawsar joy suggested in the comments of his answer, but I'm not able to make it work, for some reason. I never used WHERE IN nor argument unpacking. – Bruno Dias Jul 08 '18 at 12:23
  • Then you definitely should read about it, otherwise you end up writing code that is probably vulnerable and hard to maintain. – Nima Jul 08 '18 at 12:37
  • I did it! Should I accept the only answer that there is? I did it in an adapted way of kawsar joy's solution. – Bruno Dias Jul 08 '18 at 12:49
  • If that answer is the answer you qualify as an accepted solution, of course. – Nima Jul 09 '18 at 06:56

1 Answer

I think you should send a single id such as 1 or 4 in your $ids parameter.

Then edit your query as

    $query = $container->db->prepare("SELECT * FROM Pessoas_tags WHERE id_Pessoas=:ids");

I think this should work.

joy
  • It would but I need to send every single one of them and I never know how many ids would be needed for the query. – Bruno Dias Jul 08 '18 at 11:41
  • You can send an array in the `$ids` parameter, then in the query use WHERE IN: `$query = $container->db->prepare("SELECT * FROM Pessoas_tags WHERE IN id_Pessoas :ids");` Then use `$query->bind_param('ids', ...$ids);` – joy Jul 08 '18 at 11:49
  • Could you exemplify? – Bruno Dias Jul 08 '18 at 11:51
  • The `$ids` parameter should contain only ids as a single-dimensional array, like `$ids = array(1, 4, 8);`. Then in bind param, `...$ids` is called argument unpacking; `...` is the splat operator. – joy Jul 08 '18 at 11:59
  • https://stackoverflow.com/questions/920353/can-i-bind-an-array-to-an-in-condition – Nima Jul 08 '18 at 12:35
  • I saw the link you sent, Nima. I am going to try to generate the code with the commas (something like "1, 2, 4") and put it in the query complementing the WHERE IN. I'll come back as soon as I get results. Thanks for both of your help. – Bruno Dias Jul 08 '18 at 12:45
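
An added example (not part of the original posts) showing why the bound string in the question never reaches the database as SQL, and how a variable-length id list can be bound with one placeholder per id. It assumes the pdo_sqlite extension and uses an in-memory database with constructed rows so it runs stand-alone; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Pessoas_tags (id_Pessoas INTEGER, tag TEXT)');
$db->exec("INSERT INTO Pessoas_tags VALUES (1,'php'),(2,'sql'),(4,'slim'),(4,'pdo')");

// The question's approach: the bound string is sent as a data value and is never
// parsed as SQL, so the WHERE clause tests a string literal, not the id_Pessoas column.
function fetchTagsWithBoundFragment(PDO $db, string $fragment): array
{
    $stmt = $db->prepare('SELECT * FROM Pessoas_tags WHERE :ids');
    $stmt->bindValue(':ids', $fragment, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// One positional placeholder per id: the SQL text only ever contains "?" marks,
// and every id travels to the database as a bound integer.
function fetchTagsForIds(PDO $db, array $ids): array
{
    // Normalise to unique integers; a non-numeric string becomes its leading integer or 0.
    $ids = array_values(array_unique(array_map('intval', $ids)));
    if ($ids === []) {
        return []; // "IN ()" is a syntax error in MySQL, so skip the query entirely
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT * FROM Pessoas_tags WHERE id_Pessoas IN ($placeholders)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT); // positional parameters are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Row counts for: the bound SQL fragment, a normal id list, an empty list,
// and an id value that looks like an injection attempt.
var_dump(count(fetchTagsWithBoundFragment($db, 'id_Pessoas = 1 OR id_Pessoas = 4')));
var_dump(count(fetchTagsForIds($db, [1, 4])));
var_dump(count(fetchTagsForIds($db, [])));
var_dump(count(fetchTagsForIds($db, ['1 OR 1=1'])));
```

Building the `WHERE` text by concatenating the ids into the query string, as opposed to concatenating only `?` marks, puts caller-controlled data back into the SQL and loses the protection the prepared statement provides.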