n1crack / datatables

Simplify your Datatables server-side processing effortlessly using our lightning-fast PHP library, streamlining your workflow seamlessly.
https://datatables.ozdemir.be/
MIT License

Mysql PDO #99

Closed 13ran closed 5 months ago

13ran commented 5 months ago

How can I safely use user submitted parameters in the query? Is there a way to bind them?

n1crack commented 5 months ago

Hi,

You can use:

    $path = dirname(__DIR__).'/database/Chinook_Sqlite_AutoIncrementPKs.sqlite';

    $dt = new Ozdemir\Datatables\Datatables(new Ozdemir\Datatables\DB\SQLite($path));
    // the SQL keeps a named placeholder; escape() binds the value to it separately
    $dt->query('Select TrackId, Name, UnitPrice from Track where TrackId < :trackid')->escape('trackid', 4);

    return $dt->generate();

or (added in v.2.3.10)

    $path = dirname(__DIR__).'/database/Chinook_Sqlite_AutoIncrementPKs.sqlite';

    $dt = new Ozdemir\Datatables\Datatables(new Ozdemir\Datatables\DB\SQLite($path));
    // same placeholder, with the bindings passed as the second argument of query()
    $dt->query('Select TrackId, Name, UnitPrice from Track where TrackId < :trackid', ['trackid' => 4]);

    return $dt->generate();
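
A fuller version of the second form, as an added example that is not code from the thread or from the project: it reads the filter value from the request, validates it, and passes it as a bound parameter through the `query($sql, $params)` form shown above (v2.3.10+). The `readMaxTrackId` helper, the `max_track_id` request parameter and the Composer autoload path are assumptions; the adapter and database path are the ones from the answer, and the same `query()` call applies unchanged with the library's MySQL adapter.

```php
<?php
// Added example, not part of n1crack/datatables or of the issue thread.
// Assumes: Composer autoload at ./vendor/autoload.php, the Chinook SQLite file
// from the answer, and the query($sql, $params) signature added in v2.3.10.
require __DIR__ . '/vendor/autoload.php';

use Ozdemir\Datatables\Datatables;
use Ozdemir\Datatables\DB\SQLite;

// Validate the untrusted request value before it reaches the query layer.
// Returns null when the parameter is missing or is not a small non-negative integer.
function readMaxTrackId(array $request): ?int
{
    $raw = $request['max_track_id'] ?? null;
    if (!is_string($raw) || !preg_match('/^\d{1,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

$path = dirname(__DIR__) . '/database/Chinook_Sqlite_AutoIncrementPKs.sqlite';
$dt   = new Datatables(new SQLite($path));

$maxTrackId = readMaxTrackId($_GET);
if ($maxTrackId === null) {
    http_response_code(400);
    exit('max_track_id must be a non-negative integer');
}

// UNSAFE (shown only for contrast, never run): interpolating the raw request
// value makes the SQL text itself attacker-controlled.
// $dt->query("Select TrackId, Name, UnitPrice from Track where TrackId < {$_GET['max_track_id']}");

// SAFE: the SQL text is fixed and the value travels separately as a bound
// parameter, so the database treats it as data regardless of what was sent.
$dt->query(
    'Select TrackId, Name, UnitPrice from Track where TrackId < :trackid',
    ['trackid' => $maxTrackId]
);

header('Content-Type: application/json');
echo $dt->generate();
```

Validation and binding are separate layers: binding alone stops the value from altering the SQL, while the integer check keeps out-of-range or non-numeric input from reaching the database at all.
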

13ran commented 5 months ago

Thank you!