Feature request: Check if order column exists in fields in case it was specified on $options in Cursor->load() #1222

Open
jotmaster opened this issue May 4, 2021 · 0 comments

@jotmaster

Hello,

So today, while monitoring my applications, I ran into this error generated by a user:
"message": "PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC2cw390h2re LIMIT 8' at line 1"

The orderby specified on the GET request was "id DESC2cw390h2re" which of course is an invalid one.
One way to maybe prevent this by having it inherited by all models could be the following:
File -> /fatfree/lib/db/cursor.php

    /**
    *	Map to first record that matches criteria
    *	@return array|FALSE
    *	@param $filter string|array
    *	@param $options array
    *	@param $ttl int
    **/
    function load($filter=NULL,array $options=NULL,$ttl=0) {
          $this->reset();

          // Reject an 'order' value that is not a known field before it reaches the query.
          // The whole value is compared, so only a bare column name passes ('id', not 'id DESC').
          // !empty() also avoids an undefined-index notice when 'order' is not set.
          if (!empty($options['order'])) {
              if (!array_key_exists($options['order'], $this->fields)) {
                  throw new \InvalidArgumentException("Order by column ({$options['order']}) doesn't exist in the fields");
              }
          }

          return ($this->query=$this->find($filter,$options,$ttl)) &&
              $this->skip(0)?$this->query[$this->ptr]:FALSE;
    }

Or something similar.

Thanks in advance.
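
An added example, not part of the original issue or of the project's code: an allow-list check for the order value that goes beyond the snippet above by also accepting a direction keyword and comma-separated columns, then rebuilding the clause from validated parts only. `normalizeOrder()` and the `$fields` array are hypothetical names; the inputs are constructed, except for the value quoted in the report.

```php
<?php
// Added example: allow-list validation for an ORDER BY clause.
// normalizeOrder() and $fields are hypothetical names, not Fat-Free Framework API.

/**
 * Validate "col [ASC|DESC][, col [ASC|DESC] ...]" against known column names
 * and return a normalized clause rebuilt only from allow-listed parts.
 */
function normalizeOrder(string $order, array $fields): string {
    $terms = [];
    foreach (explode(',', $order) as $term) {
        // One column identifier, optionally followed by a direction keyword
        if (!preg_match('/^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?\s*$/i', $term, $m)) {
            throw new InvalidArgumentException('Malformed order term');
        }
        // Strict, case-sensitive lookup: the column must be a key of the field list
        if (!array_key_exists($m[1], $fields)) {
            throw new InvalidArgumentException('Unknown order column');
        }
        // Rebuild from validated pieces; the raw input never reaches the SQL string
        $terms[] = $m[1] . ' ' . strtoupper($m[2] ?? 'ASC');
    }
    return implode(', ', $terms);
}

// Constructed field list, keyed by column name like the $this->fields lookup above
$fields = ['id' => [], 'name' => [], 'created_at' => []];

// Constructed inputs; the second is the value from the report
$samples = ['id DESC', 'id DESC2cw390h2re', 'name asc, created_at desc', 'nickname', 'id,,name'];
foreach ($samples as $input) {
    try {
        printf("%-28s => %s\n", $input, normalizeOrder($input, $fields));
    } catch (InvalidArgumentException $e) {
        printf("%-28s => rejected (%s)\n", $input, $e->getMessage());
    }
}
```

Throwing a generic message and logging the raw value separately keeps request input out of error responses.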
