php


Best practice: generating queries with data sent with AJAX


I have a search form in my application where data is being submitted to the backend, which returns a table with the results. The query is dynamically constructed like this:

- All fields in $_POST['data'] are filtered against an allowed list of fields for that certain category of query.
- Fields that are empty are thrown away.

This is also done when saving data, by the way. Now this is totally okay with fields that consist of one word. But I have some complex JOINs in some of the queries and PDO complains about ambiguous fields sometimes (for example 'id').

What should I do to best handle this situation? I don't want the user to manipulate my queries, but still want to generate them simply like I do today:

```php
switch ($field) {
    case 'id':
    case 'company':
        $where .= ' AND `' . $field . '` = :' . $field;
        break; // without this the case would fall through to the next one
    // ...
}
```
Simply fully qualify each field name with the name of the table which contains it. You HAVE to do this; otherwise, supposing you have 2 tables "category" & "item", both with a field called "name", which contain the names of their respective objects, how else will you decide which one you want to reference?

If you are joining table A and table B, when referencing A's id column, make sure you specify A.id; that way id is no longer an "ambiguous field".
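One way to combine the answer's advice with the asker's allowed-list approach, as an added example that is not from the question or the answer: each allowed POST key maps to a fully qualified column, so the column text in the SQL never comes from the client, and the values are bound through PDO placeholders. The table aliases, column names, `$allowedFields` and `buildWhere()` are assumptions made for this example.

```php
<?php
// Added example (not the original poster's code). Allowed list for one search
// category: POST key => fully qualified column. Only keys listed here ever
// reach the SQL text; everything else sent by the client is ignored.
$allowedFields = [
    'id'      => 'c.id',      // qualified, so the JOIN below is unambiguous
    'company' => 'c.name',
    'city'    => 'a.city',
];

/**
 * Builds the dynamic part of a WHERE clause from AJAX-posted search data.
 * Returns [$whereSql, $params]: $whereSql contains only columns taken from
 * $allowedFields, and $params holds the user values for PDO to bind.
 */
function buildWhere(array $data, array $allowedFields): array
{
    $where  = '';
    $params = [];
    foreach ($allowedFields as $key => $column) {
        // Empty or missing fields are thrown away, as in the question.
        if (!isset($data[$key]) || trim((string) $data[$key]) === '') {
            continue;
        }
        // The placeholder name is derived from the allowed key, never from
        // raw client input, so it is safe to use inside the SQL string.
        $placeholder = ':' . $key;
        $where .= ' AND ' . $column . ' = ' . $placeholder;
        $params[$placeholder] = $data[$key];
    }
    return [$where, $params];
}

// Constructed sample of what $_POST['data'] might contain. The empty 'id'
// is dropped and the unknown key 'unknown' never reaches the query.
$data = ['id' => '', 'company' => 'Acme', 'city' => 'Oslo', 'unknown' => 'x'];

[$where, $params] = buildWhere($data, $allowedFields);

// Assumed schema: company c joined to address a via a.company_id.
$sql = 'SELECT c.id, c.name, a.city'
     . ' FROM company c JOIN address a ON a.company_id = c.id'
     . ' WHERE 1=1' . $where;

// Execution with a real connection (DSN and credentials are placeholders):
// $pdo  = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass');
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
```

Because every column name is fixed at the allowed-list stage, the same approach works for the save path too; adding a new searchable field means adding one qualified entry to the list rather than another case label.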


