Best practice: generating queries with data sent with AJAX
I have a search form in my application where data is being submitted to the backend which returns a table with the results. The query is dynamically constructed like this: All fields in $_POST['data'] are filtered against an allowed list of fields for that certain category of query. Fields that are empty are thrown away. This is also done when saving data, by the way.

Now this is totally okay with fields that consist of one word. But I have some complex JOINs in some of the queries and PDO sometimes complains about ambiguous fields (for example 'id'). What should I do to best handle this situation? I don't want the user to manipulate my queries, but still want to generate them simply like I do today:

```php
case 'id':
case 'company':
    $where .= ' AND `' . $field . '` = :' . $field;
    // ...
```
Simply fully qualify each field name with the name of the table which contains it. You HAVE to do this; otherwise, supposing you have 2 tables "category" & "item", both with a field called "name", which contain the names of their respective objects, how else will you decide which one you want to reference?
If you are joining table A and table B, when referencing A's id column, make sure you specify A.id, that way id is no longer an "ambiguous field".
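An added example (not code from the question or the answers) of combining the allowed-field list with fully qualified column names: each accepted request key maps to a fixed `table`.`column` string, so no user-supplied text reaches the SQL, and the placeholder name is derived from the key because a qualified name such as `:item.id` is not a valid named placeholder. The table names, column names and the `buildWhere` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request key => fully qualified column.
// Table and column names are assumptions for illustration.
const SEARCH_COLUMNS = [
    'id'       => '`item`.`id`',
    'company'  => '`item`.`company`',
    'category' => '`category`.`name`',
];

/**
 * Build a WHERE fragment and its bound parameters from untrusted input.
 * Only allowlisted keys select SQL text; values are always bound.
 */
function buildWhere(array $data, array $columns): array
{
    $where  = '1 = 1';
    $params = [];
    foreach ($data as $field => $value) {
        // Keys that are not in the allowlist never touch the query.
        if (!is_string($field) || !isset($columns[$field])) {
            continue;
        }
        // Empty or non-scalar values (e.g. nested arrays) are dropped.
        if (!is_scalar($value) || $value === '') {
            continue;
        }
        // Placeholder comes from the allowlist key, not from the column name.
        $placeholder = ':w_' . $field;
        $where .= ' AND ' . $columns[$field] . ' = ' . $placeholder;
        $params[$placeholder] = $value;
    }
    return [$where, $params];
}

// Constructed sample input standing in for $_POST['data'].
$input = ['id' => '42', 'company' => '', 'not_allowed' => 'x', 'category' => 'Tools'];
[$where, $params] = buildWhere($input, SEARCH_COLUMNS);

echo $where, PHP_EOL;
print_r($params);

// With a PDO connection in $pdo (assumed), the fragment would be used as:
// $stmt = $pdo->prepare('SELECT `item`.* FROM `item` JOIN `category`'
//     . ' ON `category`.`id` = `item`.`category_id` WHERE ' . $where);
// $stmt->execute($params);
```

Because the SQL identifiers are constants in the map, the same request key `id` can point at a different table per query category without the client ever sending a table name.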