Using mysql's INTERVAL with prepared statement
I prepare my DB request for prevent SQL injection with the extension Mysqlnd. A request like this work on my site :
SELECT a, b FROM table where a = ?;
This next request doesn't work on my site:
SELECT a, b FROM table where b > DATE_SUB(CURRENT_TIMESTAMP(),INTERVAL ? ?);
Error log : PHP Fatal error: Call to a member function execute() on a non-object in ..." This is because the syntax of the request is wrong.
When I try it in my DB IDE, the double question mark count as one and not as 2 parameters.
How can I resolve this problem ?
With a placeholder, you can bind only data literals, in other words - strings and numbers.
INTERVAL accepts two arguments, expression and unit.
While the expression part is a number and can be bound all right, the unit part is a keyword and therefore cannot be bound. So you can only whitelist it. Here is a white-listing function I wrote that could help with the matter.
$unit = white_list($_GET['unit'], ["DAY","MINUTE","SECOND"], "Invalid time unit name");
$sql = "SELECT a, b FROM table where b > DATE_SUB(CURRENT_TIMESTAMP(),INTERVAL ? $unit)";
it is not very tidy but at least concise and safe.
- Merge two different array
- Merge two indexed arrays without overwriting elements in first array
- Merge items from two multidimensional arrays related by first level indexes
- Laravel PHPUnit mock Request
- Webservice connecting do database with IOS, PHP, REST API, JSON
- Group rows of a 2d array by a column and push rows as subarrays of each group
- How to move Laravel 11 public folder?
- How to return an array from a non-native function call?
- Group 2d array rows by one column and sum another column within each group
- How to get the ID of a payment method in Woocommerce?
- SSL - Access non secure API from secure page
- Some characters in CSV file are not read during PHP fgetcsv()
- Differentiate between a browser GUI request and an AJAX request
- Generate JavaScript with Twig on Symfony 3.0 without interfering with {} in JavaScript code
- Overwrite row data in a 2d array when related data is found in another 2d array
- Merge two flat arrays in an alternating fashion
- combine php array, with matching values
- Missing php_apcu.dll for PHP 8.2 / APCu 5.1.22?
- Array Match & Add Values to First array
- PDOException “could not find driver”
- Merge multple 2d associative arrays into one consolidated 2d associative array
- MySQL query to get column names?
- Bitfinex API V2 BUG apikey: invalid code 10100
- How to check whether a mysql select statement result has a value or not in php?
- SetEnv with php.ini
- Php mb_ereg_match faulty match
- Laravel 8+, pass request into route manually, is it possible?
- How to change Monolog's default date timezone globally in Symfony 2?
- How to add a class alias in Laravel
- How to check and delete existing profile image before updating with a new one?