Query works fine in detail view, generates error when saving form

daneyul

New Member
I have an eval'ed query in the default text area of a text area element--works fine to return the data I need in the detail view. But when I click SAVE in the Form it gives me an sql error.

I'm hoping someone can give me a pointer on what to look for--why does what seems to be a working query in an element's detail view..... blow up when it's saved in the form view? I'll put the error and then the query below if someone could shed some light on what easy thing I'm missing. (BTW, using the latest web version of Fabrik on Joomla 3.4.4. )

######
Fabrik has generated an incorrect query for the list Bios for Form Display: <br /><br /><pre>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'xhr" data-list="list_5_com_fabrik_5" class="fabrik___rowlink fabrik_edit" href=' at line 5 SQL=SELECT * FROM slq_tags AS u LEFT JOIN slq_contentitem_tag_map AS map ON (u.id = map.tag_id) LEFT JOIN slq_content AS cont ON (map.content_item_id = cont.id) WHERE u.title = "<a data-loadmethod="xhr" data-list="list_5_com_fabrik_5" class="fabrik___rowlink fabrik_edit" href="/joomla/administrator/index.php?option=com_fabrik&amp;task=form.view&amp;formid=5&amp;rowid=1">Susan H. Sharp</a>"</pre>
######



$db = JFactory::getDbo();

// Create a new query object.
$query = $db->getQuery(true);

$query->SELECT ('*');
$query->FROM ('slq_tags AS u');
$query->WHERE ('u.title = "{bios___Name}"');
$query->JOIN ('LEFT', 'slq_contentitem_tag_map AS map ON (u.id = map.tag_id)');
$query->JOIN ('LEFT', 'slq_content AS cont ON (map.content_item_id = cont.id)');

// Assign the query to the db
$db->setQuery($query);

// Load the results as an array of objects.
$results = $db->loadObjectList();

$list = array();
foreach ($results as $row)
{
    $list[] = "<li>" . $row->title . "</li>";
}
return implode($list);
 
Couple of things ...

Firstly, try {bios___Name_raw}, as it looks like the element is getting formatted as a display link. The _raw placeholder should have the unformatted text.

Also, whenever you use a form input or element data in a query, *always* run it through $db->quote(), to avoid a) quotes in the value prematurely closing the quotes surrounding the value, but more importantly, to prevent SQL injection attacks. So try ...

$query->where('u.title = ' . $db->quote("{bios___Name_raw}"));

https://xkcd.com/327/

-- hugh
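
The difference between hand-written quotes and driver quoting, as an added example that is not part of the original thread or of Fabrik's code: it runs the same lookup both ways over a raw name, a formatted link value and a name containing a quote character. Assumptions: PDO with an in-memory SQLite database stands in for Joomla's `$db` and MySQL so the script runs outside Joomla, `PDO::quote()` plays the role of `$db->quote()`, and the helper names `run`, `byHand` and `byQuote` are hypothetical.

```php
<?php
// Assumption: PDO + in-memory SQLite stand in for Joomla's $db and MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE slq_tags (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO slq_tags (title) VALUES ('Susan H. Sharp'), ('Pat O''Neil')"); // constructed rows

// Run a query and return the matching titles, or the driver's error message.
function run(PDO $db, string $sql)
{
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
}

// Hand-written double quotes around the value, as in the original eval code.
function byHand(PDO $db, string $value)
{
    return run($db, 'SELECT u.title FROM slq_tags AS u WHERE u.title = "' . $value . '"');
}

// Value escaped and quoted by the driver, so it is always treated as data.
function byQuote(PDO $db, string $value)
{
    return run($db, 'SELECT u.title FROM slq_tags AS u WHERE u.title = ' . $db->quote($value));
}

// Constructed inputs: the raw name, the formatted link (shortened from the
// error message above), and a name containing a quote character.
$inputs = [
    'raw'        => 'Susan H. Sharp',
    'formatted'  => '<a data-loadmethod="xhr" class="fabrik___rowlink fabrik_edit" href="#">Susan H. Sharp</a>',
    'apostrophe' => "Pat O'Neil",
];

foreach ($inputs as $label => $value) {
    echo $label, "\n";
    echo '  by hand: ', json_encode(byHand($db, $value)), "\n";
    echo '  quote(): ', json_encode(byQuote($db, $value)), "\n";
}
```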
 
PS, not really relevant, but just for completeness, you should probably wrap a UL around those LI's ...

Code:
return '<ul>' . implode($list) . '</ul>';

-- hugh
 
Thanks! That appears to have fixed it--the weird thing is--it worked as expected when generating the details for already made forms, but wouldn't let me save a new or edited form, or view the list data. I had found a workaround--I'd created a 2nd list on the same table, just to generate a detail view with some customizations, and left the element to eval in that 2nd list, but turned off eval in the original (since all I needed was the list view to eval that code) and it did what I needed-- but with this change to my syntax now I can eval it in the original list too and no more errors. Thanks again!
 
