
Help with PHP Variables

acevedo.jose32 15 Dec, 2024

Hello, I think I am a little lost with this error using PHP code:

// Import Joomla's database classes
use Joomla\CMS\Factory;
use Joomla\CMS\Table\Table;

// Get the database connection
$db = Factory::getDbo();

// Create a new query object
$query = $db->getQuery(true);

$nombre = $this->data['text_2'];

// Execute the query
$db->setQuery("SELECT * FROM Contratos Where Nombre like '%" $nombre "%'");

// Load the results as an array of objects
$results = $db->loadAssocList();

return $results;

I just try to pass the text I have in the variable text_2, but every time I get a similar error. Maybe someone can tell me what I am doing wrong.

If I use this sentence, it works fine:

$db->setQuery("SELECT * FROM Contratos Where Nombre like '%Mike%'");

Thank you so much.

Max_admin 15 Dec, 2024

The "execute the query" line is wrong; here is how it should be:

$db->setQuery("SELECT * FROM Contratos Where Nombre like '%".$nombre."%'");

And you could use the "Read Data" action for this query instead of writing the whole thing in custom PHP.

Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
Max_admin 16 Dec, 2024

No problem, but I want to note that when you use the $this->data variable in the query without escaping, you are making your code vulnerable to SQL injection. You should have used this code in your PHP:

return "%".$this->data["text_2"]."%";

Then you could use a Read Data action, and in the "Where Statement" you could use:

Nombre LIKE {var.quote:php-name}

where "php-name" is the name of the PHP action.

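Added example, not code from the thread or from ChronoForms: the concatenated LIKE query from the posts beside a version that binds the submitted value as a parameter through Joomla's query builder. It assumes Joomla 4 (DatabaseQuery::bind and ParameterType are available) and that $this->data['text_2'] holds the submitted text, as in the original post.

```php
<?php
// Added example (not from the thread). Assumes Joomla 4 and a ChronoForms
// custom PHP action, where $this->data holds the submitted form fields.
use Joomla\CMS\Factory;
use Joomla\Database\ParameterType;

/**
 * Build a LIKE pattern from user input. The wildcard characters '%' and '_'
 * (and the backslash escape character itself) are escaped so the user
 * searches for them literally; the surrounding wildcards are added here,
 * not taken from the input. Pure PHP, no database needed.
 */
function buildLikePattern(string $userInput): string
{
    // Backslash is MySQL's default ESCAPE character for LIKE.
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $userInput);
    return '%' . $escaped . '%';
}

// Vulnerable version: what the original post does once the missing
// concatenation dots are added. The submitted text becomes part of the SQL
// string, so an apostrophe in a name (O'Brien) ends the string literal and
// whatever follows is parsed as SQL. Shown only for comparison.
function vulnerableSearch($db, string $nombre): array
{
    $db->setQuery("SELECT * FROM Contratos WHERE Nombre LIKE '%" . $nombre . "%'");
    return $db->loadAssocList();
}

// Hardened version: identifiers go through quoteName(), the value is bound
// as a typed parameter and never spliced into the SQL text, and LIKE
// wildcards in the input are neutralised by buildLikePattern().
function safeSearch($db, string $nombre): array
{
    $pattern = buildLikePattern($nombre);
    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->quoteName('Contratos'))
        ->where($db->quoteName('Nombre') . ' LIKE :nombre')
        ->bind(':nombre', $pattern, ParameterType::STRING);
    $db->setQuery($query);
    return $db->loadAssocList();
}

// Usage inside the custom PHP action (the ChronoForms context supplies $this):
// $db = Factory::getDbo();
// return safeSearch($db, (string) ($this->data['text_2'] ?? ''));
```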
acevedo.jose32 16 Dec, 2024

OK, thank you so much Max, I will make the change.
