Operator

Issue #4 resolved
Former user created an issue

My SQL with an operator isn't working. For example:

    $sql = "DELETE FROM 'mytable' WHERE myfield < 10";
    $db->query($sql)->execute();

Comments (4)

  1. davidthomas_scorbal

    This is because query() uses filter_var which chokes on the "<". I'd call this a severe bug as it breaks valid SQL, and the comments clearly indicate that this function should execute raw SQL.

  2. nargotik

    Simply change

    public function query($query)
        {
            $this -> _query = filter_var($query, FILTER_SANITIZE_STRING);
            return $this;
        }
    

    to

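    public function query($query, $filtered = false)
        {
            if ($filtered == false) {
                // Default: keep the raw SQL so operators such as "<" survive.
                $this->_query = $query;
            } else {
                // Opt-in: apply the original FILTER_SANITIZE_STRING behaviour.
                $this->_query = filter_var($query, FILTER_SANITIZE_STRING);
            }
            // Return $this in both branches so ->query($sql)->execute() still chains.
            return $this;
        }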
    

    Then if you want to filter the query, call ->query($sql,true) for filtered or ->query($sql) for unfiltered.

    Personally I don't like my queries filtered, as I check the fields before setting a query.

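The point both comments turn on, as an added example that is not part of the thread or the project's code: the SQL text is stored untouched so operators such as `<` survive, and `filter_var` is applied to the value instead, which is then bound as a parameter. The `Db` class, the `intParam()` helper, the table rows and the inputs are constructed for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Added example; Db and intParam() are hypothetical, not the project's code.
final class Db
{
    private PDO $pdo;
    private string $sql = '';
    private array $params = [];
    public function __construct(PDO $pdo) { $this->pdo = $pdo; }
    // Keep the SQL text exactly as written; values arrive separately.
    public function query(string $sql, array $params = []): self
    {
        $this->sql = $sql;
        $this->params = $params;
        return $this;
    }
    // Prepare, bind and run; returns the number of affected rows.
    public function execute(): int
    {
        $stmt = $this->pdo->prepare($this->sql);
        foreach ($this->params as $name => $value) {
            $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
        }
        $stmt->execute();
        return $stmt->rowCount();
    }
}

// Validate the value, not the query: filter_var() returns false for non-integers.
function intParam($raw): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException('expected an integer');
    }
    return $value;
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE mytable (myfield INTEGER)');
$pdo->exec('INSERT INTO mytable (myfield) VALUES (3), (9), (10), (42)'); // constructed rows
$db = new Db($pdo);
foreach (['10', '10 OR 1=1'] as $input) { // constructed inputs
    try {
        $n = $db->query('DELETE FROM mytable WHERE myfield < :limit', [':limit' => intParam($input)])->execute();
        echo "input '$input': deleted $n row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "input '$input': rejected before any SQL ran\n";
    }
}
```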