Stash
ExpressionEngine 2, ExpressionEngine 3, ExpressionEngine 4, ExpressionEngine 5, ExpressionEngine 6
Back to this add-on's main page
View Other Add-ons From Mark Croxton
Stash in exp:query
Support Request
Verve - Webdesign und Grafik
|
Posted: 23 January 2017 10:25 AM |
|
|
|
Hi
I want to use a stash variable ({exp:stash:get name=‘sgi_bezirk’ trim=‘yes’}) in an sql query.
{exp:query sql=" SELECT * FROM view_monatstotal_bezirk WHERE bezirk = '{exp:stash:get name='sgi_bezirk' trim='yes'} "}
Is this possible and how do I have to format the code of stash?
Thanks!
|
|
|
Mark Croxton
|
Posted: 23 January 2017 10:31 AM |
# 1
|
|
Developer
|
Where does the value of ‘sgi_bezirk’ come from? You must be absolutely certain that it is NOT coming from user input. Or if it is, to ensure you filter and sanitize that input carefully.
To tell EE to parse tags passed in parameters you must add parse=“inward” to the tag (the query tag).
Alternatively, you could use a a small plugin and accessing the value of the variable via the Stash api:
https://github.com/croxton/Stash/wiki/Using-stash-methods-in-your-own-add-ons
|
|
|
Verve - Webdesign und Grafik
|
Posted: 23 January 2017 11:16 AM |
# 2
|
|
|
parse=“inward” made it work.
I checked the docs of ee but did not find parse=“inward” in exp:sql
Thanks for super support!
|
|
|