bcosca / fatfree

A powerful yet easy-to-use PHP micro-framework designed to help you build dynamic and robust Web applications - fast!

Feature request: Check if order column exists in fields in case it was specified on $options in Cursor->load()

jotmaster opened this issue · comments

Hello,

So today, while monitoring my applications, I ran into this error generated by a user:
"message": "PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC2cw390h2re LIMIT 8' at line 1"

The orderby specified on the GET request was "id DESC2cw390h2re", which of course is an invalid one.
One way to maybe prevent this, by having it inherited by all models, could be the following:
File -> /fatfree/lib/db/cursor.php

    /**
    *   Map to first record that matches criteria
    *   @return array|FALSE
    *   @param $filter string|array
    *   @param $options array
    *   @param $ttl int
    **/
    function load($filter=NULL,array $options=NULL,$ttl=0) {
        $this->reset();

        // Reject an order column that is not one of the mapper's known fields
        // before the clause is handed to find() and ends up in the SQL.
        // Note: this compares the whole option string, so "id DESC" would need
        // the direction keyword stripped before the lookup.
        if (!empty($options['order'])) {
            if (!array_key_exists($options['order'], $this->fields)) {
                throw new \InvalidArgumentException("Order by column ({$options['order']}) doesn't exist in the fields");
            }
        }

        return ($this->query=$this->find($filter,$options,$ttl)) &&
            $this->skip(0)?$this->query[$this->ptr]:FALSE;
    }

Or something similar.

Thanks in advance.
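One way to validate a request-supplied order value against the mapper's column list before it reaches `Cursor->load()`, added here as an example and not code from the issue or from Fat-Free. It assumes the caller can obtain the column names as array keys (the way `$this->fields` is used in the snippet above); `validateOrder` and the sample field list are constructed for this example.

```php
<?php
// Added example (not Fat-Free code): allowlist an "order" option of the form
// "<column>[ ASC|DESC]" so only known columns and directions reach the SQL.

/**
 * Return a normalised "column DIRECTION" fragment, or throw if the input is
 * malformed or names a column that is not in $fields (keys = column names).
 */
function validateOrder(string $order, array $fields): string {
    $order = trim($order);
    // Exactly one identifier, optionally followed by one direction keyword.
    // "id DESC2cw390h2re" from the issue fails here because the trailing
    // garbage is neither whitespace-separated nor a valid keyword.
    if (!preg_match('/^([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?$/i', $order, $m)) {
        throw new InvalidArgumentException("Malformed order clause: $order");
    }
    $column = $m[1];
    $direction = strtoupper($m[2] ?? 'ASC');
    if (!array_key_exists($column, $fields)) {
        throw new InvalidArgumentException("Order by column ($column) doesn't exist in the fields");
    }
    return $column . ' ' . $direction;
}

// Constructed sample: columns of a hypothetical table, keyed like Cursor->fields.
$fields = ['id' => [], 'name' => [], 'created_at' => []];

// Valid input, the garbage input from the issue, and an unknown column.
foreach (['id DESC', 'id DESC2cw390h2re', 'password ASC'] as $input) {
    try {
        echo $input, ' => ', validateOrder($input, $fields), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $input, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The returned fragment is what would be passed as `$options['order']`, so the raw GET value never reaches the query builder.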