1

Edit 1: this is not about LIMIT , this is about passing an integer. Other function that requires to pass numbers is IN

Edit 2: Should I use PDO::PARAM_INT ?

When I do this:

$query .=  ' LIMIT ? , ? ';
$values [] =  $offset ;
$values [] = $rows ;

At this line:

$db->fetchAll ( $query ,   $values);

Instead of execute:

SELECT .......  LIMIT 0 ,  10;

It tries to execute:

SELECT .......  LIMIT '0' ,  '10';

Causing an error: Error Code: 1064. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0' ,'10''

Note 1. I know that there is an option for limit in the $params array..

Note 2. There is a question related here

Note 3. I have tried: $values [] = intval($offset), $values [] = (int)$offset, and even an integer like: $values [] = 10

Community
  • 1
  • 1
Francisco Corrales Morales
  • 3,676
  • 1
  • 37
  • 64
  • possible duplicate of [How to Limit the paginate in cakephp](http://stackoverflow.com/questions/6152416/how-to-limit-the-paginate-in-cakephp) – Prix Mar 24 '14 at 22:43
  • @prix, Thanks, but this is not about LIMIT, I just put it there as an example, but I have some query that also require passing integers. – Francisco Corrales Morales Mar 24 '14 at 22:52
  • Though I think you should use prepared statements, if you can find nothing else that works, you could just force `$offset` and `$rows` to int, and then just concatenate them into your query, rather than doing a prepared statement. Though I don't like this solution much, it should be secure as long as you make sure that $offset and $rows are integers. – Kai Mar 24 '14 at 23:38

1 Answers1

0

I dunno about Cake but in PDO you should use both intval and PDO::PARAM_INT- none of them would do separately.

In my PDO wrapper I have this issue fixed, allowing first code to run without errors, but I doubt you would bother with implementing it for your framework

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • I'll try `PDO::PARAM_INT` later, and let you know if that works. What is your PDO wrapper ?, can you show it ? – Francisco Corrales Morales Mar 25 '14 at 15:50
  • Don't bother with letting me know - I already know it works :) It's very little wrapper, aimed to solve this very problem by means of extending PDOStatement class https://github.com/colshrapnel/thebestpdowrapper/blob/master/bestpdo.php - frankly, it does the same things I told you above - it casts to int **and** binds using PARAM_INT, but doing it automatically – Your Common Sense Mar 25 '14 at 15:54