Reputation: 151
Selecting Data from Joomla SQL Table where any value is the variable
I am trying to select data from my database where any value in the columns id, name, username or email is the variable description. When i do this, I get an error 1054 saying the column for the value in $description is unknown - error shown below. What am I doing wrong?
Please note: The variable value used in the jinput is defined further up in the code, and as shown in the error below, it is properly assigned a value.
Thanks in advance
My code:
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$description = $jinput->get('value', null , null);
$db->setQuery(" SELECT * FROM #__users WHERE MATCH(id, name, username, email) AGAINST ($description) ORDER BY #__users.name ");
$db->execute();
$results = $db->loadObjectlist();
This is my error:
Unknown column 'Ben' in 'where clause' SQL=SELECT * FROM tud_users WHERE MATCH(id, name, username, email) AGAINST (Ben) ORDER BY tud_users.name
Upvotes: 1
Views: 631
Answers (1)
Reputation: 559
You have to quote your description variable to avoid this error and sql injection vulnerability.
Here is the modified code :
$db = JFactory::getDbo();
$description = JFactory::getApplication()->input->getString('value','');
$db->setQuery("SELECT * FROM #__users WHERE MATCH(id, name, username, email) AGAINST (".$db->quote($description).") ORDER BY #__users.name ");
$db->execute();
$results = $db->loadObjectlist();
Use JFactory::getApplication()->input->getString('value',''); to retrieve the value you want.
Always quote content with the Joomla method $db->quote();
Upvotes: 2
Related Questions
- joomla mysql query with parameter like
- SQL query for Joomla
- Pass variable in MySQL query
- Selecting row where field = value error
- Joomla Select where 'column' in array
- Choosing specific sql data within curly braces
- Can't make query work with variable
- Retrieving mutiple row data from sql by php executed under joomla
- MySQL SELECT statement using PHP GET variable
- joomla sql query