By kiphaas7 on

Hi there,

I'm used to supply user provided arguments separate from the query, per http://api.drupal.org/api/function/db_query/6.

However, now I want to achieve the same with pager_query(): http://api.drupal.org/api/function/pager_query/6

In the api about pager_query() I found this:

... A variable number of arguments which are substituted into the query (and the count query) using printf) syntax. Instead of a variable number of query arguments, you may also pass a single array containing the query arguments.

But unfortunately, thats mumbo-jumbo for me... :( Anyone able to help me out?

Categories: Drupal 6.x

Comments

sartenero’s picture

sartenero commented

I think that you can provide your arguments adding them after last parameter ($count_query):

$limite_paginado = 2;
$sqlQuery = 'SELECT fieldname FROM {table_name} WHERE nid = %d';
$result = pager_query($sqlQuery, $limite_paginado,0,NULL,$nid_value_argument);
while ($data = db_fetch_object($result)) {
   ...
}
alexmoreno’s picture

alexmoreno commented

in fact, some of the examples i've seen in the docs and forums allow sql injection attacks. Your code works like a charm sartenero:

$sql = 'SELECT * FROM {flag_content} WHERE uid=%d';
	// SOME DRUPAL MAGIC >> USING PAGER TO SHOW RESULTS
	$resource = pager_query($sql, $count, 0, NULL, $uid);

Note that i will not work without 0 and null parameters between $count and $uid