SSP::complex error

SSP::complex error

OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

Link to test case:
Debugger code (debug.datatables.net):
Error messages shown:
Description of problem:

My problem happened after I needed to insert a WHERE clause in the server side processing php script.

with the class :

SSP::simple( $_GET, $sql_details, $table, $primaryKey, $columns)

... the script works.

and when i switch to class :

SSP::complex($_GET, $dbDetails, $table, $primaryKey, $columns , null, "NAME = 'ADMIN'" )

... the script presents an error in the search field, when typing any letter, a pop up appears informing the following:

DataTables warning: table id=memListTable - SQL error occurred: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens.

Does this problem have a solution in php 8?

This question has an accepted answers - jump to answer

Answers

  • OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

    I didn't provide a test case because I'm using the exact same code as the example on the page:

    https://datatables.net/examples/data_sources/server_side

  • OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

    I tested it in versions 7.4, 7.3 and 7.2 of php and it worked... in version 8.0 error happens.

    @allan you can check the error in that url :

    https://hellatos.000webhostapp.com/datatable-error.html

  • OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

    Debugger code : ufocit

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    Many thanks for letting me know about this. I would have sworn we had a bug for this already, but I can't find it! I'll get it fixed for the next DataTables release.

    Regards,
    Allan

  • OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

    Glad to hear the bug will be fixed in the future, but I was hoping for an answer with an immediate solution. :'(

    do you have an ETA for the next version?

    Can you think of any temporary solution that is safe?

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    I will try to get it done as soon as possible and will post back here when done.

    Allan

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    I'm actually having a problem reproducing this error - I've got my system set up with PHP 8.0.2 and I was using:

    echo json_encode(
        SSP::complex( $_GET, $sql_details, $table, $primaryKey, $columns, null, 'first_name LIKE "A%"' )
    );
    

    And all warnings and errors turned on, but no error - it just works

    Might be worth using the latest SSP class? It hasn't changed in a while though.

    What database are you using? The error seems to be coming from it rather than specifically from PHP. I wonder if a driver has been tightened up between releases or something.

    Allan

  • OfficerBROfficerBR Posts: 7Questions: 1Answers: 0

    MariaDB 10.5.12

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin
    Answer ✓

    Thanks - I managed to reproduce the error in the end. I had to have it submit a search parameter to ensure that there were bindings, then when it failed on the "all" filter.

    I've make this commit to address the error. The full file is available here.

    Note also that I've added the ability to properly bind parameters to prevent SQL injection attacks on the complex condition. You can now use:

    [
      'condition' => 'name = :name',
      'bindings' => [
        ':name' => $_POST['name']
      ]
    ]
    

    for example rather than just a plain string.

    Allan

  • m26gorjim26gorji Posts: 4Questions: 2Answers: 0

    hi

    I changed my ssp file but I have an error in php 8

    Do I need to change this part, if necessary, how can I change this part

    SSP::complex( $_POST, $table, 'id', $columns, "status = 1");

    thank you

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    I have an error in php 8

    What error the want about the wrong number of bound parameters?

    It looks like you are missing the database connection information which should be passed in as the second parameter to complex. The function signature is:

        static function complex ( $request, $conn, $table, $primaryKey, $columns, $whereResult=null, $whereAll=null )
    

    Allan

  • tobinfekkestobinfekkes Posts: 1Questions: 0Answers: 0

    Thank you all, and Allen, for this fix.

    I had a staging site on 7.4 and everything worked great with the $where as a simple string condition type = 'vendor', and committed it. Then pulled it to the live server, and got this error. After a couple hours of pulling my hair out cause it works on staging, I discovered the fix here.

    Thank you!

    P.S. In all my years of software, ShipStation and DataTables/Editor are tied for first at the top of the charts for best software. Ever. Keep it up, Allen.

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    Thank you very much! We'll get a new version of DataTables with the patch properly released soon :)

    Allan

Sign In or Register to comment.