"SQL translate error: Extra placeholder" when using prepared statements - php

I'm trying to use prepared statements in my SQL, but I can't get it working. I'm getting the error "SQL translate error: Extra placeholder" when I add something like this to my code:
if ($cpucooler_socket != "") {
$myArray = explode(',', trim($cpucooler_socket));
for ($i = 0; $i < count($myArray); $i++) {
if(count($myArray)>1) {
$socket = $myArray[$i];
if ($i === 0) {
$query .= " AND (socket LIKE ?";
$query_params[] = '%' . $socket . '%';
} else if ($i === count($myArray) - 1) {
$query .= " OR socket LIKE ?)";
$query_params[] = '%' . $socket . '%';
} else {
$query .= " OR socket LIKE ?";
$query_params[] = '%' . $socket . '%';
}
} else {
$query .= " AND socket LIKE ?";
$query_params[] = '%' . $socket . '%';
}
}
}
What am I doing wrong? What is the right syntax that I should be using in this case? If I don't use the for loop and add only, for example, this instead:
$query .= " AND socket LIKE ?";
$query_params[] = '%' . $myArray[0] . '%';
then it's working fine. Here is my full code if it helps:
public function getCompatibleMb($case_format_dosky, $cpu_socket, $ram_typ, $pocet_ram, $intel_socket, $amd_socket, $select_after_id, $search) {
$cpucooler_socket = null;
if(isset($intel_socket) || isset($amd_socket)){
if ($intel_socket != null && $amd_socket != null) {
$cpucooler_socket = $intel_socket.", ".$amd_socket;
} else if($intel_socket != null) {
$cpucooler_socket = $intel_socket;
} else if ($amd_socket != null){
$cpucooler_socket = $amd_socket;
}
} else {
$cpucooler_socket = null;
}
$query_params = array();
$query = "SELECT id encryptid, id,produkt,vyrobca,dostupnost,cena,socket,series,chipset,form_factor,bluetooth,wifi,rgb,m2,sata3,sietova_karta,zvukova_karta,pci_express_3_0,pci_express_4_0,pci_express_5_0,ram_type,ram_slots,rezim_ram,max_mhz_ram,mosfet_coolers,crossfire_support,sli_support,raid_support,audio_chipset,audio_channels,ext_connectors,int_connectors,max_lan_speed,pci_x16_slots,pci_x4_slots,pci_x1_slots,m2_ports,usb_2_0,usb_3_2_gen_1,usb_3_1_gen_2,usb_3_2_gen_2,sata_3_ports,img_count,produkt_number,vyrobca_url FROM mb_list WHERE dostupnost=1";
if ($cpu_socket != "") {
$query .= " AND socket = ?";
$query_params[] = $cpu_socket;
} else {
if ($cpucooler_socket != "") {
$myArray = explode(',', trim($cpucooler_socket));
for ($i = 0; $i < count($myArray); $i++) {
if(count($myArray)>1) {
$socket = $myArray[$i];
if ($i === 0) {
$query .= " AND (socket LIKE ?";
$query_params[] = '%' . $socket . '%';
} else if ($i === count($myArray) - 1) {
$query .= " OR socket LIKE ?)";
$query_params[] = '%' . $socket . '%';
} else {
$query .= " OR socket LIKE ?";
$query_params[] = '%' . $socket . '%';
}
} else {
$query .= " AND socket LIKE ?";
$query_params[] = '%' . $socket . '%';
}
}
}
}
if ($ram_typ != "") {
$query .= " AND ram_type = ?";
$query_params[] = $ram_typ;
}
if ($pocet_ram != "") {
$query .= " AND ram_slots >= ?";
$query_params[] = $pocet_ram;
}
if($case_format_dosky !="") {
$myArray = explode(',', trim($case_format_dosky));
for ($i = 0; $i < count($myArray); $i++) {
if(count($myArray)>1) {
$formfactor = trim($myArray[$i]);
if ($i === 0) {
$query .= " AND (form_factor = ?";
$query_params[] = $formfactor;
} else if ($i === count($myArray) - 1) {
$query .= " OR form_factor = ?";
$query_params[] = $formfactor;
} else {
$query .= " OR form_factor = ?)";
$query_params[] = $formfactor;
}
} else {
$query .= " AND form_factor LIKE ?";
$query_params[] = '%' . $formfactor . '%';
}
}
}
if ($select_after_id != "") {
$decrypted = $this->McryptServices->decryptData($select_after_id);
$query .= " AND id > ?";
$query_params[] = $decrypted;
}
if ($search != "") {
$new_search = str_replace(" ", "%",$search);
$query .= " AND produkt LIKE ?";
$query_params[] = '%'.$new_search.'%';
}
$query .= " LIMIT 32";
$vytah = $this->Database->query($query, $query_params)->fetchAll();
$arr[] = $vytah;
foreach ($arr[0] as $key => $value) {
$arr[0][$key]->{'encryptid'} = $this->McryptServices->encryptData($arr[0][$key]->{'id'});
}
return json_encode($arr);
}
This is the response after an error:
"line":225,"args":[["string","SELECT id encryptid, id,produkt,vyrobca,dostupnost,cena,socket,series,chipset,form_factor,bluetooth,wifi,rgb,m2,sata3,sietova_karta,zvukova_karta,pci_express_3_0,pci_express_4_0,pci_express_5_0,ram_type,ram_slots,rezim_ram,max_mhz_ram,mosfet_coolers,crossfire_support,sli_support,raid_support,audio_chipset,audio_channels,ext_connectors,int_connectors,max_lan_speed,pci_x16_slots,pci_x4_slots,pci_x1_slots,m2_ports,usb_2_0,usb_3_2_gen_1,usb_3_1_gen_2,usb_3_2_gen_2,sata_3_ports,img_count,produkt_number,vyrobca_url FROM mb_list WHERE dostupnost=1 AND (form_factor = ? OR form_factor = ? OR form_factor = ?) LIMIT 32"],["array",[["string","ATX"],["string","mATX (Micro ATX)"],["string","mITX (Mini ITX)"]]]]}
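The `args` list in that response has two entries, the SQL string and one array, so the whole `$query_params` array reached the database layer as a single parameter while the statement had three placeholders. PDO's `execute()` takes an array, but Nette Database's `query()` takes its parameters as separate variadic arguments, so the call at the end of the method would need `...$query_params` (or Nette's `queryArgs()`); that is an assumption about the poster's Nette version, not something verified against it. Below is an added example, my code rather than the poster's, that builds the same socket and form_factor filters with `implode()` and checks the placeholder count in PHP before executing. It runs against an in-memory SQLite table of constructed rows through PDO, which accepts the array form directly.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Builds the same kind of dynamic
// WHERE clause as getCompatibleMb() with implode() instead of a loop that
// tracks first/middle/last, and checks placeholder vs. parameter count
// before executing. Table, columns and rows are constructed sample data.

/** Return [' AND (col LIKE ? OR col LIKE ? ...)', params] for a comma-separated list. */
function likeAnyOf(string $column, string $csv): array
{
    // $column must come from code, never from the request: identifiers cannot be bound.
    $values = array_filter(array_map('trim', explode(',', $csv)), 'strlen');
    if ($values === []) {
        return ['', []];
    }
    $params = [];
    foreach ($values as $v) {
        // Escape LIKE metacharacters so user data cannot widen the match with % or _.
        $params[] = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $v) . '%';
    }
    $one = "$column LIKE ? ESCAPE '!'";
    return [' AND (' . implode(' OR ', array_fill(0, count($params), $one)) . ')', $params];
}

/** Fail fast in PHP if the ? count does not match; assumes no literal '?' in $sql. */
function checkPlaceholders(string $sql, array $params): void
{
    $n = substr_count($sql, '?');
    if ($n !== count($params)) {
        throw new LogicException("$n placeholders but " . count($params) . ' parameters');
    }
}

/** Mirrors the socket / form_factor part of the poster's getCompatibleMb(). */
function compatibleBoards(PDO $pdo, string $cpuSocket, string $coolerSockets, string $formFactors): array
{
    $sql = 'SELECT id, produkt, socket, form_factor FROM mb_list WHERE dostupnost = 1';
    $params = [];
    if ($cpuSocket !== '') {
        $sql .= ' AND socket = ?';
        $params[] = $cpuSocket;
    } elseif ($coolerSockets !== '') {
        [$fragment, $p] = likeAnyOf('socket', $coolerSockets);
        $sql .= $fragment;
        $params = array_merge($params, $p);
    }
    // Exact matches: an IN list is simpler than a parenthesised OR chain.
    $ff = array_values(array_filter(array_map('trim', explode(',', $formFactors)), 'strlen'));
    if ($ff !== []) {
        $sql .= ' AND form_factor IN (' . implode(',', array_fill(0, count($ff), '?')) . ')';
        $params = array_merge($params, $ff);
    }
    $sql .= ' LIMIT 32';
    checkPlaceholders($sql, $params);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);   // PDO takes the array; Nette's query() would need ...$params
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mb_list (id INTEGER PRIMARY KEY, produkt TEXT, socket TEXT,
            form_factor TEXT, dostupnost INTEGER)');
$ins = $pdo->prepare('INSERT INTO mb_list (produkt, socket, form_factor, dostupnost) VALUES (?, ?, ?, ?)');
foreach ([['Board A', 'LGA1700', 'ATX', 1],
          ['Board B', 'AM4', 'mATX (Micro ATX)', 1],
          ['Board C', 'AM5', 'mITX (Mini ITX)', 0],
          ['Board D', 'AM5', 'ATX', 1]] as $row) {
    $ins->execute($row);
}

print_r(compatibleBoards($pdo, '', 'LGA1700, AM5', 'ATX, mITX (Mini ITX)'));
// Board A and Board D; Board C matches but is not available (dostupnost = 0)
```

Using an IN list for the exact form_factor matches also removes the need to track the closing parenthesis, which the posted form_factor loop emits on a middle element rather than the last one. The `ESCAPE '!'` clause and the `str_replace` on the value keep `%` and `_` typed by a user from widening the LIKE match; a bound parameter stops injection, not wildcard abuse.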

Related

PDO prepared statements keep giving my boolean type error when preparing string

I need help with my PDO prepared statements.
I know my code is not sanitized and is probably open to a lot of hell, but first I need to overcome this error before I can move on to sanitize my code.
I am trying to write a prepared statement with the WHERE clause, and somehow it keeps giving me an error that I am using a string for a type boolean. But what boolean??
I added a few vardumps before the error. It is in the counting part of my code.
After which, I would also take some pointers on how to make prepared statements out of user input.
I know it is dangerous, but perhaps I can sanitize all the inner_join, outer_join etc. into allowed table names using an in_array after a database table and column name check.
The reason I need to allow this user input is that I am making a website where people can make their own queries to the database and retrieve whatever info they need. But they should only be able to SELECT. Not UPDATE or DROP!
<?php
// Select existing
require_once('ajaxDBQuery.php');
if(!isset($included)) {
$_GET = json_decode($_GET["json"], true);
} else {
$_GET = json_decode($json, true);
}
class GET extends ajaxDBQuery
{
function __construct() {
parent::__construct($_GET['db']);
// ------------------------------------------------
$page = 0;
if (isset($_GET['offset']) && !empty($_GET['offset'])) {
$page = filter_var($_GET['offset'], FILTER_SANITIZE_NUMBER_INT);
}
$per_page = 20;
if (isset($_GET['limit']) && !empty($_GET['limit'])) {
$per_page = filter_var($_GET['limit'], FILTER_SANITIZE_NUMBER_INT);
}
if(isset($_GET['where']) && !empty($_GET['where'])) {
$sqlcount = "SELECT count(*) AS total_records FROM {$_GET['from']['table']} WHERE :test";
$statement = $this->conn->prepare($sqlcount);
var_dump($sqlcount);
var_dump($statement);
var_dump($_GET['where']);
$statement->bindParam(':test', $_GET['where'], PDO::PARAM_STR);
$statement->execute();
} else {
$sqlcount = "SELECT count(*) AS total_records FROM {$_GET['from']['table']}";
$statement = $this->conn->prepare($sqlcount);
$statement->execute();
}
$row = $statement->fetch();
$total_records = $row['total_records'];
$total_pages = ceil($total_records / $per_page);
$offset = ($page) * $per_page;
// ------------------------------------------------
$sql = "SELECT ";
for($i = 0; $i < count($_GET['select']['columns']); $i++) {
if($i == 0) {
$sql .= "{$_GET['select']['columns'][$i]}";
} else {
$sql .= ", {$_GET['select']['columns'][$i]}";
}
}
//{$_GET['select']['columns'][0]}
$sql .= " FROM {$_GET['from']['table']}";
(isset($_GET['from']['as']) && ($_GET['from']['as']) !== "") ? $sql .= " AS {$_GET['from']['as']}" : $sql .= "";
(isset($_GET['inner_join']['table']) && ($_GET['inner_join']['table']) !== "") ? $sql .= " INNER JOIN {$_GET['inner_join']['table']}" : $sql .= "";
(isset($_GET['inner_join']['as']) && ($_GET['inner_join']['as']) !== "") ? $sql .= " AS {$_GET['inner_join']['as']}" : $sql .= "";
if(isset($_GET['inner_join']['on']) && ($_GET['inner_join']['on']) !== "") {
for($i = 0; $i < count($_GET['inner_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['inner_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['inner_join']['on'][$i]}";
}
}
}
(isset($_GET['left_join']['table']) && ($_GET['left_join']['table']) !== "") ? $sql .= " LEFT JOIN {$_GET['left_join']['table']}" : $sql .= "";
(isset($_GET['left_join']['as']) && ($_GET['left_join']['as']) !== "") ? $sql .= " AS {$_GET['left_join']['as']}" : $sql .= "";
if(isset($_GET['left_join']['on']) && ($_GET['left_join']['on']) !== "") {
for($i = 0; $i < count($_GET['left_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['left_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['left_join']['on'][$i]}";
}
}
}
(isset($_GET['left_outer_join']['table']) && ($_GET['left_outer_join']['table']) !== "") ? $sql .= " LEFT OUTER JOIN {$_GET['left_outer_join']['table']}" : $sql .= "";
(isset($_GET['left_outer_join']['as']) && ($_GET['left_outer_join']['as']) !== "") ? $sql .= " AS {$_GET['left_outer_join']['as']}" : $sql .= "";
if(isset($_GET['left_outer_join']['on']) && ($_GET['left_outer_join']['on']) !== "") {
for($i = 0; $i < count($_GET['left_outer_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['left_outer_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['left_outer_join']['on'][$i]}";
}
}
}
(isset($_GET['where']) && ($_GET['where']) !== "") ? $sql .= " WHERE {$_GET['where']}" : $sql .= "";
(isset($_GET['order_by']) && ($_GET['order_by']) !== "") ? $sql .= " ORDER BY {$_GET['order_by']}" : $sql .= "";
(isset($_GET['direction']) && ($_GET['direction']) !== "") ? $sql .= " {$_GET['direction']}" : $sql .= "";
(isset($_GET['limit']) && ($_GET['limit']) !== "") ? $sql .= " LIMIT {$_GET['limit']}" : $sql .= "";
(isset($_GET['offset']) && ($_GET['offset']) !== "") ? $sql .= " OFFSET ".$_GET['offset'] * $_GET['limit']."" : $sql .= "";
$statement = $this->conn->prepare($sql);
$statement->execute();
// ------------------------------------------------
// set the resulting array to associative
$result = $statement->setFetchMode(PDO::FETCH_ASSOC);
$jsonArray = array();
//$jsonArray["totalrecords"] = $total_records;
$jsonArray["totalrecords"] = 1;
while ( ($row = $statement->fetch(PDO::FETCH_ASSOC) ) !== false) {
$jsonArray[] = $row;
}
// ------------------------------------------------
$this->return($jsonArray);
// ------------------------------------------------
}
private function return($jsonArray) {
header('Content-Type: application/json');
echo json_encode($jsonArray);
}
}
$query = new GET();
?>
OUTPUT:
string(56) "SELECT count(*) AS total_records FROM cb_cat WHERE :test"
object(PDOStatement)#3 (1) {
["queryString"]=>
string(56) "SELECT count(*) AS total_records FROM cb_cat WHERE :test"
}
string(27) "systemgrp BETWEEN 10 AND 19"
Fatal error: Uncaught PDOException: SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type boolean: "systemgrp BETWEEN 10 AND 19" ...
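The PostgreSQL message is the database explaining what a placeholder is: a bound value is data, so `WHERE :test` becomes `WHERE 'systemgrp BETWEEN 10 AND 19'`, a text literal that PostgreSQL then tries to cast to boolean and rejects. No parameter syntax turns a string into an expression, table name or column name; only values can be bound. The added example below (my code, not the poster's, PHP 7.4 or later, with a constructed `cb_cat` table in in-memory SQLite) demonstrates that, then shows one way to take a user-supplied query description of the same shape as the `$_GET` JSON above: table and column names checked against an allowlist, comparison operators from a fixed set, every value bound. The allowlist is hard-coded here; loading it from the database catalogue, as the poster suggests, would work the same way. Identifiers are quoted with double quotes (SQL standard, used by PostgreSQL and SQLite); MySQL wants backticks unless ANSI_QUOTES is on.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. (1) A bound parameter is a value, so a
// whole WHERE expression bound to a placeholder is never evaluated as SQL.
// (2) A user-supplied query description can still be served safely when every
// identifier is allowlisted and every value is bound. Constructed sample schema.

final class ReadOnlyQuery
{
    /** table => allowed columns; an assumed allowlist, could be loaded from the catalogue */
    private const SCHEMA = ['cb_cat' => ['id', 'name', 'systemgrp']];
    private const OPERATORS = ['=', '<>', '<', '<=', '>', '>=', 'LIKE', 'BETWEEN'];

    private string $sql = '';
    private array $params = [];

    /** Build a SELECT from a decoded JSON spec shaped like the poster's $_GET. */
    public static function fromSpec(array $spec): self
    {
        $q = new self();
        $tableName = (string)($spec['from']['table'] ?? '');
        $table = self::ident($tableName, array_keys(self::SCHEMA));
        $allowedCols = self::SCHEMA[$tableName];
        $cols = $spec['select']['columns'] ?? [];
        if (!is_array($cols) || $cols === []) {
            throw new InvalidArgumentException('select.columns required');
        }
        $colSql = array_map(fn($c) => self::ident((string)$c, $allowedCols), $cols);
        $q->sql = 'SELECT ' . implode(', ', $colSql) . ' FROM ' . $table;

        $where = [];
        $whereSpec = $spec['where'] ?? [];
        if (!is_array($whereSpec)) {
            throw new InvalidArgumentException('where must be a list of [column, operator, value]');
        }
        foreach ($whereSpec as $cond) {
            if (!is_array($cond) || count($cond) !== 3) {
                throw new InvalidArgumentException('where entries are [column, operator, value]');
            }
            [$col, $op, $val] = $cond;
            $col = self::ident((string)$col, $allowedCols);
            $op = strtoupper((string)$op);
            if (!in_array($op, self::OPERATORS, true)) {
                throw new InvalidArgumentException("operator not allowed: $op");
            }
            if ($op === 'BETWEEN') {
                if (!is_array($val) || count($val) !== 2) {
                    throw new InvalidArgumentException('BETWEEN needs [low, high]');
                }
                $where[] = "$col BETWEEN ? AND ?";
                array_push($q->params, $val[0], $val[1]);
            } else {
                $where[] = "$col $op ?";
                $q->params[] = $val;
            }
        }
        if ($where !== []) {
            $q->sql .= ' WHERE ' . implode(' AND ', $where);
        }
        if (isset($spec['order_by'])) {
            $dir = strtoupper((string)($spec['direction'] ?? 'ASC'));
            if (!in_array($dir, ['ASC', 'DESC'], true)) {
                throw new InvalidArgumentException('direction must be ASC or DESC');
            }
            $q->sql .= ' ORDER BY ' . self::ident((string)$spec['order_by'], $allowedCols) . " $dir";
        }
        // LIMIT/OFFSET are integers: cast and clamp, never interpolate raw input.
        $limit = max(1, min(100, (int)($spec['limit'] ?? 20)));
        $offset = max(0, (int)($spec['offset'] ?? 0)) * $limit;
        $q->sql .= " LIMIT $limit OFFSET $offset";
        return $q;
    }

    /** Accept an identifier only if it is literally in the allowlist, then quote it. */
    private static function ident(string $name, array $allowed): string
    {
        if (!in_array($name, $allowed, true)) {
            throw new InvalidArgumentException("identifier not allowed: $name");
        }
        return '"' . $name . '"';
    }

    public function run(PDO $pdo): array
    {
        $stmt = $pdo->prepare($this->sql);
        $stmt->execute($this->params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    public function sql(): string { return $this->sql; }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cb_cat (id INTEGER PRIMARY KEY, name TEXT, systemgrp INTEGER)');
foreach ([[1, 'alpha', 5], [2, 'beta', 12], [3, 'gamma', 19]] as $r) {
    $pdo->prepare('INSERT INTO cb_cat VALUES (?, ?, ?)')->execute($r);
}

// (1) The poster's approach. SQLite coerces the text to false instead of raising
// PostgreSQL's boolean error, but either way the expression is never evaluated.
$stmt = $pdo->prepare('SELECT count(*) AS total_records FROM cb_cat WHERE ?');
$stmt->execute(['systemgrp BETWEEN 10 AND 19']);
echo 'bound expression matched ', $stmt->fetchColumn(), " rows\n";      // 0, not 2

// (2) Same intent as a structured spec: identifiers allowlisted, values bound.
$spec = json_decode('{"from":{"table":"cb_cat"},"select":{"columns":["id","name"]},'
    . '"where":[["systemgrp","between",[10,19]]],"order_by":"id","direction":"desc"}', true);
$q = ReadOnlyQuery::fromSpec($spec);
echo $q->sql(), "\n";
print_r($q->run($pdo));                                                   // gamma, beta

// Hostile identifiers are rejected before any SQL exists.
try {
    ReadOnlyQuery::fromSpec(['from' => ['table' => 'cb_cat; DROP TABLE cb_cat'],
                             'select' => ['columns' => ['id']]]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The "only SELECT, not UPDATE or DROP" requirement belongs in two places: the builder emits nothing but SELECT, and the connection it runs on should be a database role granted only SELECT on those tables, so a bug in the builder cannot become a write.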

Dynamic update statement - prepared statement

I am generating my MySQL update statement dynamically in PHP. As I want my application to be secure against SQL injection, I want to use the prepared statement function. But as I'm pretty experienced, I'm struggling to do so. Below is my code so far:
function sqlUpdate($tablename)
{
$connect = sqlConnect();
$updateString = "UPDATE " . $tablename . " SET ";
$columnname = getColumnname($tablename, false, true);
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
if ($k+1 < count($columnname, COUNT_RECURSIVE))
{
$updateString .= $columnname[$k] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[$k]]) . "', ";
}
else
{
$updateString .= $columnname[$k] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[$k]]) . "' WHERE " . $columnname[0] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[0]]) . "';";
}
}
if(mysqli_query($connect, $updateString))
{
echo "Data updated successfully! </br>";
}
else
{
echo "An error occurred... </br>";
}
mysqli_close($connect);
}
My code is working fine at the moment, but I'm not managing to get it to work with prepared statements. I hope my question is not too stupid. Can somebody share some thoughts on how to realize it with my code, or do I have to completely rethink my approach?
Sorry again for my noob question...
Thanks!
Thanks to everybody who answered, I managed to get it to work. I used the call_user_func_array function and can now generate the prepared statements for UPDATE and INSERT in one function:
function preparedStatement($tableName, $action)
{
$connect = sqlConnect();
$stmt = $connect->stmt_init();
$columnname = getColumnname($tableName, false, true);
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
$fielddata[] = $columnname[$k];
$fieldvalue[] = $_POST[$columnname[$k]];
}
if ($action == "insert")
{
$fieldvalue[0] = " ";
}
$fieldvalue_join = implode(',', array_map('addquote', $fieldvalue));
$fieldvalue = explode(",",$fieldvalue_join);
$valueCount = count($fieldvalue);
$question_mark = array();
for($i=0; $i<$valueCount; $i++)
{
$question_mark[] = '?';
}
$join_question_mark = implode(",", $question_mark);
$types = '';
foreach($fieldvalue as $param)
{
if(is_int($param))
{
$types .= 'i'; //integer
}
elseif (is_float($param))
{
$types .= 'd'; //double
}
elseif (is_string($param))
{
$types .= 's'; //string
}
else
{
$types .= 'b'; //blob and unknown
}
}
if ($action == "insert")
{
$insertString = "INSERT INTO ".$tableName."(".implode(",",$fielddata).") VALUES (".$join_question_mark.");";
$stmt->prepare($insertString);
$bind_names[] = $types;
}
elseif ($action == "update")
{
$updateString = "UPDATE " . $tableName . " SET ";
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
if ($k+1 < count($columnname, COUNT_RECURSIVE))
{
$updateString .= $columnname[$k] . " = ?, ";
}
else
{
$updateString .= $columnname[$k] . " = ? WHERE " . $columnname[0] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[0]]) . "';";
}
}
$stmt->prepare($updateString);
$bind_names[] = $types;
}
for ($i=0; $i<count($fieldvalue); $i++)
{
$bind_name = 'bind' . $i;
$$bind_name = $fieldvalue[$i];
$bind_names[] = &$$bind_name;
}
call_user_func_array(array($stmt,'bind_param'),$bind_names);
if($stmt->execute())
{
$insert_id=$stmt->insert_id;
$stmt->close();
return $insert_id;
}
else
{
echo "Error while executing the action...";
}
}
function addquote($str)
{
// Strip one pair of matching surrounding quotes ('...' or "...") from a value.
// && binds tighter than ||, so each pair is parenthesised; the length guard avoids
// reading $str[0] of an empty string.
if (strlen($str) >= 2 && (($str[0] == "'" && $str[strlen($str)-1] == "'") || ($str[0] == '"' && $str[strlen($str)-1] == '"')))
{
$str=substr($str,1);
$str=substr($str,0,-1);
}
return sprintf("%s", $str);
}
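An added example, not the poster's code, of the same INSERT/UPDATE generator written so that the WHERE value is bound like everything else, the column list comes from an allowlist rather than from the request keys, and the mysqli type string is derived from the PHP values before they are turned into strings (the implode/explode step above makes every value a string, so `$types` is always all `s`, and it also splits any value that itself contains a comma). The builder is pure PHP; the demonstration runs it against an in-memory SQLite table via PDO so it works without a MySQL server, and `runMysqli()` shows the mysqli side, where `bind_param($types, ...$values)` replaces the `call_user_func_array` and reference juggling (argument unpacking into `bind_param` works from PHP 5.6). `allowedColumns()` is an assumed stand-in for the poster's `getColumnname()`, returning the column names with the key column first as that code expects.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Builds INSERT/UPDATE statements with
// every value bound, including the WHERE key, and derives the mysqli type
// string from PHP types. Table and columns are constructed sample data.

/** Assumed stand-in for the poster's getColumnname(): key column first. */
function allowedColumns(string $table): array
{
    $schema = ['customer' => ['id', 'name', 'balance']];   // constructed allowlist
    if (!isset($schema[$table])) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    return $schema[$table];
}

/** mysqli bind_param type string: i, d or s per value (NULL binds fine as s). */
function mysqliTypes(array $values): string
{
    return implode('', array_map(
        fn($v) => is_int($v) ? 'i' : (is_float($v) ? 'd' : 's'), $values));
}

/**
 * Return [sql, values]. $input is request data keyed by column (e.g. $_POST);
 * only allowlisted columns are used, so unexpected keys are simply ignored.
 */
function buildStatement(string $table, string $action, array $input): array
{
    $columns = allowedColumns($table);          // identifiers: from code, never from input
    $key = $columns[0];
    $cols = array_slice($columns, 1);           // key column is never SET or inserted
    $values = array_map(fn($c) => $input[$c] ?? null, $cols);
    if ($action === 'insert') {
        $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', $table,
            implode(', ', $cols), implode(', ', array_fill(0, count($cols), '?')));
        return [$sql, $values];
    }
    if ($action === 'update') {
        if (!isset($input[$key])) {
            throw new InvalidArgumentException("update needs $key");
        }
        $values[] = $input[$key];               // WHERE value is bound too, not escaped
        $sql = sprintf('UPDATE %s SET %s WHERE %s = ?', $table,
            implode(', ', array_map(fn($c) => "$c = ?", $cols)), $key);
        return [$sql, $values];
    }
    throw new InvalidArgumentException("unknown action: $action");
}

/** The mysqli side (needs a server, so it is not called in this demo). */
function runMysqli(mysqli $db, string $sql, array $values): int
{
    $stmt = $db->prepare($sql);
    if ($values !== []) {
        $stmt->bind_param(mysqliTypes($values), ...$values);   // PHP >= 5.6
    }
    $stmt->execute();
    return $stmt->affected_rows;
}

// Demo against in-memory SQLite via PDO, which accepts the same ? placeholders.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, balance REAL)');

// Constructed "POST" data; note the comma in the name and the stray key.
$post = ['name' => "O'Brien, Pat", 'balance' => 12.5, 'evil' => "x'); DROP TABLE customer; --"];
[$sql, $values] = buildStatement('customer', 'insert', $post);
echo $sql, '  types=', mysqliTypes($values), "\n";   // INSERT ... VALUES (?, ?)  types=sd
$pdo->prepare($sql)->execute($values);

$post = ['id' => 1, 'name' => "O'Brien, Pat", 'balance' => 20];
[$sql, $values] = buildStatement('customer', 'update', $post);
echo $sql, '  types=', mysqliTypes($values), "\n";   // UPDATE ... WHERE id = ?  types=sii
$pdo->prepare($sql)->execute($values);

print_r($pdo->query('SELECT * FROM customer')->fetchAll(PDO::FETCH_ASSOC));   // one row, balance 20
```

The `evil` key never reaches the SQL because column names are taken from the allowlist and the request is only consulted for values; that is the property `mysqli_real_escape_string()` on the WHERE value in the posted version does not give you for the identifiers.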

function results in Notice: Undefined offset: 0 on one website but not the other

This is bizarre. I am working on a new website using WAMP on my pc and I copy and pasted the database functions I created from another site I worked on.
Below is the function. On this new site I'm getting an error (Notice: Undefined offset: 0) whenever there is nothing that matches in the database. But, on the other site (which is hosted externally) I never get that error (never have and I just tested it specifically to make sure).
Obviously, I could just put the "return $rows[0]" in an if statement to prevent this. But, I would like to know what is causing the problem in case I need to make some changes to the old site! I'm kind of worried!
There's also another difference. On the new site I get an error when the $order is NULL, saying that $s3 is undefined. Again, I can fix it easily by just defining it along with $s1 and $s2 at the beginning. But, it works fine on my other site and has for a long time. What on earth is the difference??
function get_row5($table, $field, $where1, $value1, $where2=NULL, $value2=NULL, $where3=NULL, $value3=NULL, $where4=NULL, $value4=NULL, $where5=NULL, $value5=NULL, $order=NULL) {
$rows = array();
global $conn;
connect();
$s1 = "SELECT $field FROM $table WHERE $where1" . '=' . "'$value1'";
$s2 = "";
if ($where2 != NULL) {
if ($value2 == NULL) {
$s2 = " and $where2 is NULL";
} else {
$s2 = " and $where2" . ' = ' . "'$value2'";
}
}
if ($where3 != NULL) {
if ($value3 == NULL) {
$s2 .= " and $where3 is NULL";
} else {
$s2 .= " and $where3" . ' = ' . "'$value3'";
}
}
if ($where4 != NULL) {
if ($value4 == NULL) {
$s2 .= " and $where4 is NULL";
} else {
$s2 .= " and $where4" . ' = ' . "'$value4'";
}
}
if ($where5 != NULL) {
if ($value5 == NULL) {
$s2 .= " and $where5 is NULL";
} else {
$s2 .= " and $where5" . ' = ' . "'$value5'";
}
}
if ($order != NULL) {
$s3 = " ORDER BY $order LIMIT 1";
}
$sql = $s1 . $s2 . $s3;
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
mysqli_free_result($result);
$conn->close();
return $rows[0];
}
You are getting this error because no row is returned from the query; you can overcome it with the following code:
function get_row5($table, $field, $where1, $value1, $where2=NULL, $value2=NULL, $where3=NULL, $value3=NULL, $where4=NULL, $value4=NULL, $where5=NULL, $value5=NULL, $order=NULL) {
$rows = array();
global $conn;
connect();
$s1 = "SELECT $field FROM $table WHERE $where1" . '=' . "'$value1'";
$s2 = "";
$s3 = "";
if ($where2 != NULL) {
if ($value2 == NULL) {
$s2 = " and $where2 is NULL";
} else {
$s2 = " and $where2" . ' = ' . "'$value2'";
}
}
if ($where3 != NULL) {
if ($value3 == NULL) {
$s2 .= " and $where3 is NULL";
} else {
$s2 .= " and $where3" . ' = ' . "'$value3'";
}
}
if ($where4 != NULL) {
if ($value4 == NULL) {
$s2 .= " and $where4 is NULL";
} else {
$s2 .= " and $where4" . ' = ' . "'$value4'";
}
}
if ($where5 != NULL) {
if ($value5 == NULL) {
$s2 .= " and $where5 is NULL";
} else {
$s2 .= " and $where5" . ' = ' . "'$value5'";
}
}
if ($order != NULL) {
$s3 = " ORDER BY $order LIMIT 1";
}
$sql = $s1 . $s2 . $s3;
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
mysqli_free_result($result);
$conn->close();
if(count($rows))
return $rows[0];
else
return $rows; //<---empty row
}

Dynamic mysql query in prepared

I am creating a dynamic query in PHP.
#$id = $_POST[id];
#$field1 = $_POST[field1];
#$field2 = $_POST[field2];
#$field3 = $_POST[field3];
$id = "id";
$field1 = "222";
$field2 = "787";
$field3 = "4444444";
$whereArr = array();
if($id != "") $whereArr[] = "id = {$id}";
if($field1 != "") $whereArr[] = "field1 = {$field1}";
if($field2 != "") $whereArr[] = "field2 = {$field2}";
if($field3 != "") $whereArr[] = "field3 = {$field3}";
$whereStr = implode(" AND ", $whereArr);
$query = "Select * from assignments WHERE {$whereStr}";
echo $query;
It is working fine.
Select * from assignments
WHERE id = id AND field1 = 222 AND field2 = 787 AND field3 = 4444444
I am getting the correct query, but mysql is no longer maintained. So I am using a prepared statement like this:
$firstname = 'Patrick';
$lastname = 'Allaert';
$query = 'SELECT * FROM users';
$cond = array();
$params = array();
if (!empty($firstname)) {
$cond[] = "firstname = ?";
$params[] = $firstname;
}
if (!empty($lastname)) {
$cond[] = "lastname = ?";
$params[] = $lastname;
}
if (count($cond)) {
$query .= ' WHERE ' . implode(' AND ', $cond);
}
echo $query;
The problem is how I can bind the parameters.
$stmt->bind_param("sss", $firstname, $lastname, $email);
Thanks for your advice.
You can pass the array into the execute and it will bind the values of that array.
$firstname = 'Patrick';
$lastname = 'Allaert';
$query = 'SELECT * FROM users';
$cond = array();
$params = array();
if (!empty($firstname)) {
$cond[] = "firstname = ?";
$params[] = $firstname;
}
if (!empty($lastname)) {
$cond[] = "lastname = ?";
$params[] = $lastname;
}
if (count($cond)) {
$query .= ' WHERE ' . implode(' AND ', $cond);
}
$stmt = $pdo->prepare($query);
$stmt->execute($params);
You can see this approach on the manual as example #3. http://php.net/manual/en/pdo.prepared-statements.php
Mysqli approach:
$firstname = 'Patrick';
$lastname = 'Allaert';
$query = 'SELECT * FROM users';
$cond = array();
$params = array();
if (!empty($firstname)) {
$cond[] = "firstname = ?";
$params[] = $firstname;
}
if (!empty($lastname)) {
$cond[] = "lastname = ?";
$params[] = $lastname;
}
if (count($cond)) {
$query .= ' WHERE ' . implode(' AND ', $cond);
}
$stmt = $mysqli->prepare($query);
if(!empty($params)) {
$n = count($params);
// bind_param takes its arguments by reference, so the type string must live in a variable
$types = str_repeat('s', $n);
$a_params[] = &$types;
for($i = 0; $i < $n; $i++) {
$a_params[] = &$params[$i];
}
call_user_func_array(array($stmt, 'bind_param'), $a_params);
}
$stmt->execute();
$res = $stmt->get_result();
while($row = $res->fetch_array(MYSQLI_ASSOC)) {
print_r($row);
}
No need for arrays in your script; you can use a script like the one below:
$where = " 1=1";
if($id != "") $where .= " and id = $id ";
if($field1 != "") $where .= " and field1 = '" . $field1 . "' ";
if($field2 != "") $where .= " and field2 = '" . $field2 . "' ";
if($field3 != "") $where .= " and field3 = '" . $field3 . "' ";
$query = "Select * from assignments WHERE $where";
echo $query;
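An added example, not from either thread, that covers the `get_row5()` answer in the previous question and the dynamic `WHERE` of this one together: one lookup function that takes its conditions as a column => value map, checks table and column names against an allowlist (identifiers cannot be bound, unlike values), turns PHP `null` into `IS NULL`, binds every value, and returns `null` when nothing matches instead of reading `$rows[0]` from an empty array. It runs on an in-memory SQLite table of constructed rows through PDO; the mysqli form of the same execution is `$stmt->bind_param(str_repeat('s', count($params)), ...$params)`, which does what the `call_user_func_array` loop in the first answer does. The string concatenation in the last answer (`" and id = $id "`) is the construction prepared statements exist to replace: whatever `$id` contains becomes SQL.

```php
<?php
declare(strict_types=1);

// Added example, not code from either question. A get_row() that binds every
// value, allowlists identifiers, maps null to IS NULL and returns null when
// nothing matches. Table, columns and rows are constructed sample data.

/** Assumed allowlist standing in for a real schema lookup. */
const ALLOWED = [
    'users'       => ['id', 'firstname', 'lastname', 'email', 'deleted_at'],
    'assignments' => ['id', 'field1', 'field2', 'field3'],
];

function ident(string $table, ?string $column = null): string
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    if ($column === null) {
        return $table;
    }
    if (!in_array($column, ALLOWED[$table], true)) {
        throw new InvalidArgumentException("column not allowed: $table.$column");
    }
    return $column;
}

/** Build [sql, params] for SELECT $fields FROM $table WHERE k1 = ? AND k2 IS NULL ... */
function buildLookup(string $table, array $fields, array $where, ?string $orderBy = null): array
{
    $table = ident($table);
    $cols = $fields === [] ? '*' : implode(', ', array_map(fn($f) => ident($table, $f), $fields));
    $conds = [];
    $params = [];
    foreach ($where as $column => $value) {
        $column = ident($table, (string)$column);
        if ($value === null) {
            $conds[] = "$column IS NULL";       // "= NULL" is never true in SQL
        } else {
            $conds[] = "$column = ?";
            $params[] = $value;
        }
    }
    $sql = "SELECT $cols FROM $table";
    if ($conds !== []) {                        // no dangling WHERE when the map is empty
        $sql .= ' WHERE ' . implode(' AND ', $conds);
    }
    if ($orderBy !== null) {
        $sql .= ' ORDER BY ' . ident($table, $orderBy);
    }
    return [$sql, $params];
}

/** Return the first matching row, or null when there is none. */
function getRow(PDO $pdo, string $table, array $fields, array $where, ?string $orderBy = null): ?array
{
    [$sql, $params] = buildLookup($table, $fields, $where, $orderBy);
    $stmt = $pdo->prepare($sql . ' LIMIT 1');
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT,
            email TEXT, deleted_at TEXT)');
$ins = $pdo->prepare('INSERT INTO users (firstname, lastname, email, deleted_at) VALUES (?, ?, ?, ?)');
$ins->execute(['Patrick', 'Allaert', 'patrick@example.invalid', null]);
$ins->execute(['Patrick', 'Smith', 'ps@example.invalid', '2020-01-01']);

// Active user named Patrick: deleted_at must be NULL, so the map value is null.
var_dump(getRow($pdo, 'users', ['id', 'lastname'],
    ['firstname' => 'Patrick', 'deleted_at' => null], 'lastname'));   // id 1, Allaert

// No match: null instead of "Undefined offset: 0".
var_dump(getRow($pdo, 'users', [], ['firstname' => 'Nobody']));        // NULL

// The classic payload is just a value that matches nothing.
var_dump(getRow($pdo, 'users', ['id'], ['lastname' => "' OR 1=1 --"]));  // NULL

// An attacker-controlled identifier is rejected before any SQL runs.
try {
    getRow($pdo, 'users', ['id'], ['lastname; DROP TABLE users' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The `$value == NULL` test in `get_row5()` also treats `0` and `""` as NULL; the strict `=== null` above keeps those as real values to compare against.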

two methods in a class so close in what they do

I have this class with two methods that are so closely related to each other. I do not want to pass flags, so I kept them separate. I was wondering if there is a way to rewrite it so that I do not have to repeat myself so closely!
class Test extends Controller
{
public static function nonFormattedData($param)
{
$arr = array();
if (is_array($param)) {
$i = 0;
$sql = "
select *
from table1
where
";
if (isset($param['startDate'])) {
$sql .= " date_created between ? AND ?";
$arr[] = $param['startDate'];
$arr[] = $param['endDate'];
$i++;
}
if (isset($param['amount']) && !empty($param['amount'])) {
if ($i > 0) $sql .= " AND ";
$sql .= " balance= ?";
$arr[] = $param['amount'];
$i++;
}
if (isset($param['createdBy']) && !empty($param['createdBy'])) {
if ($i > 0) $sql .= " AND ";
$sql .= " column2 like ?";
$arr[] = "%Created By: " . $param['createdBy'] . "%"; // bound, not interpolated into the SQL
}
$sql .= ' group by id.table1 ';
$rs = Query::RunQuery($sql, $arr);
foreach ($rs as $row) {
$records = new Account();
$results[] = $records;
}
return $results;
}
}
public static function formattedData($serArray, $orderBy = "giftcardaccount_id desc", $offset = 0, $limit = 10)
{
$arr = array();
$param = $serArray; // the body below reads $param
if (is_array($param)) {
$i = 0;
$sql = "
select *
from table1
where
";
if (isset($param['startDate'])) {
$sql .= " date_created between ? AND ?";
$arr[] = $param['startDate'];
$arr[] = $param['endDate'];
$i++;
}
if (isset($param['amount']) && !empty($param['amount'])) {
if ($i > 0) $sql .= " AND ";
$sql .= " balance= ?";
$arr[] = $param['amount'];
$i++;
}
if (isset($param['createdBy']) && !empty($param['createdBy'])) {
if ($i > 0) $sql .= " AND ";
$sql .= " column2 like ?";
$arr[] = "%Created By: " . $param['createdBy'] . "%"; // bound, not interpolated into the SQL
}
$sql .= ' group by id.table1 ';
$rs = Query::RunQuery($sql, $arr);
return array("data" => $rs);
}
}
}
Why not have one method, but with an optional formatting options object/array?
public static function getData($params, $formatting = null) {
// continue as normal, adding formatting if it's there
}
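The single method the answer suggests, as an added example (my code, not the poster's, and `Query::RunQuery` and `Account` are replaced by PDO against an in-memory SQLite table of constructed rows). The filter is built once, conditions are collected in an array so there is no `$i` counter and no dangling `where` when the search array is empty, the `createdBy` LIKE pattern is bound rather than concatenated, and the optional `$formatting` array is what distinguishes the two original methods. The sortable-column list is an assumed allowlist.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code: one method instead of two near copies.
// Conditions go into an array (no $i counter, no dangling WHERE), the createdBy
// LIKE value is bound, and $formatting adds ORDER BY / LIMIT / OFFSET.
// Table, columns and rows are constructed sample data.

final class AccountQuery
{
    private const SORTABLE = ['id', 'date_created', 'balance'];   // assumed allowlist

    /** Build [where-sql, params] from the search array the poster's methods take. */
    private static function filter(array $param): array
    {
        $conds = [];
        $args = [];
        if (isset($param['startDate'], $param['endDate'])) {
            $conds[] = 'date_created BETWEEN ? AND ?';
            array_push($args, $param['startDate'], $param['endDate']);
        }
        if (!empty($param['amount'])) {
            $conds[] = 'balance = ?';
            $args[] = $param['amount'];
        }
        if (!empty($param['createdBy'])) {
            $conds[] = 'column2 LIKE ?';               // the pattern is data, so it is bound
            $args[] = '%Created By: ' . $param['createdBy'] . '%';
        }
        $where = $conds === [] ? '' : ' WHERE ' . implode(' AND ', $conds);
        return [$where, $args];
    }

    /**
     * One entry point. Without $formatting it returns raw rows (nonFormattedData);
     * with $formatting it returns the sorted, paged, wrapped result (formattedData).
     */
    public static function getData(PDO $pdo, array $param, ?array $formatting = null): array
    {
        [$where, $args] = self::filter($param);
        $sql = 'SELECT * FROM table1' . $where;
        if ($formatting !== null) {
            $col = $formatting['orderBy'] ?? 'id';
            if (!in_array($col, self::SORTABLE, true)) {     // ORDER BY cannot be bound
                throw new InvalidArgumentException("cannot sort by $col");
            }
            $dir = ($formatting['desc'] ?? true) ? 'DESC' : 'ASC';
            $limit = max(1, (int)($formatting['limit'] ?? 10));
            $offset = max(0, (int)($formatting['offset'] ?? 0));
            $sql .= " ORDER BY $col $dir LIMIT $limit OFFSET $offset";   // clamped integers
        }
        $stmt = $pdo->prepare($sql);
        $stmt->execute($args);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $formatting === null ? $rows : ['data' => $rows, 'count' => count($rows)];
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, date_created TEXT, balance REAL, column2 TEXT)');
$ins = $pdo->prepare('INSERT INTO table1 (date_created, balance, column2) VALUES (?, ?, ?)');
$ins->execute(['2024-01-05', 50, 'Created By: alice']);
$ins->execute(['2024-02-10', 50, 'Created By: bob']);
$ins->execute(['2024-03-15', 75, 'Created By: alice']);

$search = ['startDate' => '2024-01-01', 'endDate' => '2024-12-31', 'amount' => 50];
print_r(AccountQuery::getData($pdo, $search));                            // rows 1 and 2
print_r(AccountQuery::getData($pdo, $search + ['createdBy' => 'alice'],
    ['orderBy' => 'date_created', 'limit' => 5]));                        // data => [row 1], count 1
print_r(AccountQuery::getData($pdo, []));                                 // no WHERE: all three rows
```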
