Send parameters via GET

5

I am making a request as follows.

    http://localhost/sistema-agenda-server/tarefas/listAll?id=1

I asked to see the response in the generated sql and got the following answer:

    SELECT * FROM tarefas WHERE idu_tar=:id

:id was not changed to 1.

    public function get_listAll($id = null, $filtroData = null, $filtroDuracao = null, $ordem = null)
    {

        $sql = "SELECT * FROM tarefas WHERE idu_tar=:id ";
        $vars = array(':id' => $id);

        if(!is_null($filtroData))
        {
            $sql .= " AND datf_tar = :filtroData";
            $vars[':filtroData'] = $filtroData;
        }
        if(!is_null($filtroDuracao))
        {
            $sql .= " AND tee_tar = :filtroDuracao";
            $vars[':filtroDuracao'] = $filtroDuracao;
        }
        if(!is_null($ordem))
        {
            $sql .= " ORDER BY :ordem";
            $vars[':ordem'] = $ordem;
        }
        else
        {
            $sql .= " ORDER BY gra_tar";
        }

        $stmt = DB::prepare($sql);
        $stmt->execute($vars);
        $tarefas = $stmt->fetchAll();

        if($tarefas != null)
            return $tarefas;
        else
            throw new Exception("Erro ao obter tarefas!");
    }

If I change:

$vars = array(':id' => $id); to $vars = array(':id' => $_GET['id']); it works. I believe it to be something simple. Can someone help me?

This is the route according to the controller, action, and parameter specification for my classes:

    $app->get('/:controller/:action(/:parameter)',
        function ($controller, $action, $parameter = null) use($app){
            include_once "classes/{$controller}.php";
            $classe = new $controller();
            $retorno = call_user_func_array(array($classe, "get_" . $action), array($parameter));
            echo '{"result":' . json_encode($retorno) . '}';
    });
    
asked by anonymous 05.11.2015 / 01:05

3 answers

1

Your query returns a syntax error when $ordem has some value, something like:

  

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by

For two reasons: first, execute() sends all arguments as strings; second, it is not possible to bind a column name. But there is a hack where it is possible to pass the index of the column and type it as int; this works in MySQL.

    
05.11.2015 / 02:12
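
The answer's point that a column name cannot be bound, shown with an allowlist in place of the column-index hack it mentions. This is an added example, not code from the question or the answers; `buildTaskQuery()`, the `SORTABLE` list and the SQLite sample rows are assumptions made for illustration.

```php
<?php
// Added example. Column names (idu_tar, datf_tar, tee_tar, gra_tar) come from
// the question; buildTaskQuery(), SORTABLE and the sample rows are constructed.

const SORTABLE = ['gra_tar', 'datf_tar', 'tee_tar']; // allowlist of ORDER BY columns

function buildTaskQuery($id, $filtroData = null, $ordem = null): array
{
    $sql  = 'SELECT * FROM tarefas WHERE idu_tar = :id';
    $vars = [':id' => $id];

    if ($filtroData !== null) {
        $sql .= ' AND datf_tar = :filtroData';
        $vars[':filtroData'] = $filtroData;
    }

    // An identifier cannot be a bound parameter: a bound :ordem is sent as a
    // string value, not a column name. Pick the column from the allowlist and
    // fall back to the question's default (gra_tar) for anything else.
    $column = in_array($ordem, SORTABLE, true) ? $ordem : 'gra_tar';
    $sql .= " ORDER BY $column";

    return [$sql, $vars];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tarefas (idu_tar INT, datf_tar TEXT, tee_tar INT, gra_tar INT)');
$db->exec("INSERT INTO tarefas VALUES
    (1, '2015-11-06', 30, 2), (1, '2015-11-05', 60, 1), (2, '2015-11-05', 10, 3)");

// One allowlisted column, one value outside the allowlist, and no value at all.
foreach (['datf_tar', 'coluna_inexistente', null] as $ordem) {
    [$sql, $vars] = buildTaskQuery(1, null, $ordem);
    $stmt = $db->prepare($sql);
    $stmt->execute($vars); // only values are bound, never identifiers
    echo $sql, ' => ', json_encode($stmt->fetchAll(PDO::FETCH_ASSOC)), PHP_EOL;
}
```
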

0

Before running the PDO you need to bind the parameters, as in the example below. You are assigning a direct bind in your array; I have never seen it used in this way.

    // bind example (the keys of $vars in the question include the colon)
    $stmt->bindParam("id", $vars[':id']);
    $stmt->execute();

Below is the insert example of a task control application that I have developed:

    public function insertTask($dadosTask)
    {
        try {
            $query = "INSERT INTO tasks (title_task,description) VALUES (:titulo,:descricao)";
            $query = Database::getInstance()->prepare($query);
            $query->bindParam("titulo", $dadosTask->title_task);
            $query->bindParam("descricao", $dadosTask->description);
            return $query->execute();
        } catch (PDOException $e) {
            echo $e->getMessage();
        }
    }
    
05.11.2015 / 02:08

0

    $app->get('/:controller/:action(/:parameter)', function ($controller, $action, $parameter = null) use($app)
    {
        include_once "classes/{$controller}.php";
        $classe = new $controller();
        $retorno = call_user_func_array(array($classe, "get_" . $action), array($parameter));
        echo '{"result":' . json_encode($retorno) . '}';
    });
    
05.11.2015 / 02:58