Help with PHP Variables

Question

Hello, i think i am a little lost with this error using PHP code:

// Import Joomla's database classes
use Joomla\CMS\Factory;
use Joomla\CMS\Table\Table;

// Get the database connection
$db = Factory::getDbo();

// Create a new query object
$query = $db->getQuery(true);

$nombre = $this->data['text_2'];

// Execute the query
$db->setQuery("SELECT * FROM Contratos Where Nombre like '%" $nombre "%'");

// Load the results as an array of objects
$results = $db->loadAssocList();

return $results;

I just try to pass the text i have in the variable text_2, but every time i get a similar error. Maybe someone can tell me what i am doing wrong.

If i use this Sentence works fine:

$db->setQuery("SELECT * FROM Contratos Where Nombre like '%Mike%'");

Thank you so much.

Max_admin · Accepted Answer

no problem, but I want to note that when you use $this->data variable in the query without escaping you are making your code vulnerable to SQL injection, you should have used this code in your PHP:

return  "%".$this->data["text_2"]."%";

then you could use a Read Data action and in the "Where Statement" you could use:

Nombre LIKE {var.quote:php-name}

where "php-name" is the name of the PHP action

Forums

Help with PHP Variables