Ibnu Syuhada

Reputation: 306

Joomla 2.5 JFactory query `where` clause does not work. What is wrong?

I have been writing a Joomla 2.5 module. In helper.php, I wrote the following code:

public static function getHello( $params )
{
    $db = JFactory::getDbo();
    $query = $db->getQuery(true);
    $clause = 'title like \'.$params\'';
    $query
        ->select(array('id','alias','extension'))
        ->from('#__categories')
        ->where($clause);

    // Reset the query using our newly populated query object.
    $db->setQuery($query);

    // Load the results as a list of stdClass objects.
    $results = $db->loadAssocList();

    return $results;
}

However, when I retrieve the query results, I always get an empty result. I think I was wrong in writing the syntax on the $clause variable, but I do not know how to solve the problem.

Upvotes: 0

Views: 1567

Answers (4)

Jack Ting

Reputation: 571

Just use

$clause = "title like {$db->quote($params)}";

or

$clause = "title like {$params}";

It's much easier to read.

Upvotes: 0

nibra

Reputation: 4028

Your $clause variable

$clause = 'title like \'.$params\'';

contains the string

title like '.$params'

Obviously, you don't have a category with that name.

Some tips:

  1. Avoid escaping of quotes. If you had used double quotes for the string, you might have seen the problem yourself:

    $clause = "title like '.$params'";
    

    The correct syntax is

    $clause = "title like '" . $params . "'";
    
  2. Always escape strings before submitting them to the database. Otherwise you're open to SQL attacks.

    $clause = "title like '" . $db->escape($params) . "'";
    
  3. Use the API. The database object provides a method to properly escape and quote strings.

    $clause = "title like " . $db->quote($params);
    
  4. Use uppercase for SQL keywords. That increases readability of SQL strings significantly.

    $clause = "title LIKE " . $db->quote($params);
    

Since you use LIKE, I assume you're looking for partial titles. In that case ensure that $params is surrounded with %, which is the SQL wildcard character.

Upvotes: 4
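An added example, not part of any answer in this thread: the question's helper rewritten so the search text is escaped, quoted and wrapped in `%` wildcards through the database API. It assumes it runs inside a Joomla 2.5 module on the default MySQL driver (where backslash is the LIKE escape character) and that the search text is a plain string; the class and method names are hypothetical.

```php
<?php
// Added example: must be loaded by Joomla, not called directly.
defined('_JEXEC') or die;

class ModHelloHelper // hypothetical class name
{
    /**
     * Return categories whose title contains $term.
     *
     * @param   string  $term  Untrusted search text (assumed to be a plain string).
     *
     * @return  array  Rows as associative arrays; empty array when nothing matches.
     */
    public static function getCategoriesByTitle($term)
    {
        $term = trim((string) $term);

        if ($term === '')
        {
            // An empty term would become LIKE '%%' and match every row.
            return array();
        }

        $db    = JFactory::getDbo();
        $query = $db->getQuery(true);

        // escape($text, true) also backslash-escapes % and _ so that user input
        // is matched literally; the two % added here are the only wildcards.
        $pattern = '%' . $db->escape($term, true) . '%';

        $query
            ->select(array('id', 'alias', 'extension'))
            ->from('#__categories')
            // quote($pattern, false) adds the surrounding quotes without
            // escaping the already-escaped pattern a second time.
            ->where('title LIKE ' . $db->quote($pattern, false));

        $db->setQuery($query);

        // loadAssocList() returns null on failure; normalise to an array.
        $rows = $db->loadAssocList();

        return $rows ? $rows : array();
    }
}
```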

Jobin

Reputation: 8282

Try this

$clause = "title like '".$db->escape($params)."'";

or

$clause = 'title like "'.$db->escape($params).'"';

Upvotes: 1

Yogus

Reputation: 2272

Can you try changing

$clause = 'title like \'.$params\'';

to

$clause = 'title like "'.$params.'"';

Upvotes: 1
