Since the latest updates I get the following error, when using contextual filter values for sorting:

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens: SELECT node_field_data.langcode AS node_field_data_langcode, group_content_field_data_node_field_data.langcode AS group_content_field_data_node_field_data_langcode, node_field_data.sticky AS node_field_data_sticky, node_field_data.created AS node_field_data_created, node_field_data.nid AS nid, group_content_field_data_node_field_data.id AS group_content_field_data_node_field_data_id, CASE .nid WHEN :_nid THEN 0 ELSE 1 END AS arg_order6311 FROM {node_field_data} node_field_data LEFT JOIN {group_content_field_data} group_content_field_data_node_field_data ON node_field_data.nid = group_content_field_data_node_field_data.entity_id AND group_content_field_data_node_field_data.type IN ( :views_join_condition_0__0, :views_join_condition_0__1, :views_join_condition_0__2, :views_join_condition_0__3, :views_join_condition_0__4, :views_join_condition_0__5, :views_join_condition_0__6, :views_join_condition_0__7, :views_join_condition_0__8, :views_join_condition_0__9, :views_join_condition_0__10, :views_join_condition_0__11, :views_join_condition_0__12, :views_join_condition_0__13, :views_join_condition_0__14, :views_join_condition_0__15, :views_join_condition_0__16, :views_join_condition_0__17, :views_join_condition_0__18, :views_join_condition_0__19, :views_join_condition_0__20, :views_join_condition_0__21, :views_join_condition_0__22, :views_join_condition_0__23, :views_join_condition_0__24, :views_join_condition_0__25, :views_join_condition_0__26, :views_join_condition_0__27, :views_join_condition_0__28, :views_join_condition_0__29, :views_join_condition_0__30, :views_join_condition_0__31, :views_join_condition_0__32, :views_join_condition_0__33, :views_join_condition_0__34, :views_join_condition_0__35, :views_join_condition_0__36, :views_join_condition_0__37, :views_join_condition_0__38, :views_join_condition_0__39, :views_join_condition_0__40, :views_join_condition_0__41, :views_join_condition_0__42, :views_join_condition_0__43, :views_join_condition_0__44, :views_join_condition_0__45 ) WHERE ((group_content_field_data_node_field_data.gid IN(:group_content_field_data_gid__0, :group_content_field_data_gid__1, :group_content_field_data_gid__2, :group_content_field_data_gid__3, :group_content_field_data_gid__4, :group_content_field_data_gid__5, :group_content_field_data_gid__6, :group_content_field_data_gid__7, :group_content_field_data_gid__8, :group_content_field_data_gid__9))) AND ((node_field_data.status = :db_condition_placeholder_1) AND (node_field_data.promote = :db_condition_placeholder_2) AND (node_field_data.type IN (:db_condition_placeholder_3, :db_condition_placeholder_4, :db_condition_placeholder_5))) ORDER BY arg_order6311 ASC, node_field_data_sticky DESC, node_field_data_created DESC LIMIT 50 OFFSET 0; Array ( [:db_condition_placeholder_1] => 1 [:db_condition_placeholder_2] => 1 [:db_condition_placeholder_3] => group_details [:db_condition_placeholder_4] => shop_product [:db_condition_placeholder_5] => allgemeiner_inhaltstyp [:group_content_field_data_gid__0] => 1 [:group_content_field_data_gid__1] => 44 [:group_content_field_data_gid__2] => 83 [:group_content_field_data_gid__3] => 35 [:group_content_field_data_gid__4] => 78 [:group_content_field_data_gid__5] => 87 [:group_content_field_data_gid__6] => 95 [:group_content_field_data_gid__7] => 123 [:group_content_field_data_gid__8] => 124 [:group_content_field_data_gid__9] => 146 [:views_join_condition_0__0] => group_content_type_07f2807df3c4e [:views_join_condition_0__1] => group_content_type_085244e4f3887 [:views_join_condition_0__2] => group_content_type_1a213b0cdd02f [:views_join_condition_0__3] => group_content_type_23d4ba31dce30 [:views_join_condition_0__4] => group_content_type_2e4306102d310 [:views_join_condition_0__5] => group_content_type_3118930b67ac6 [:views_join_condition_0__6] => group_content_type_3320c84c364bf [:views_join_condition_0__7] => group_content_type_55b283aae8b66 [:views_join_condition_0__8] => group_content_type_5b53d77cc76d4 [:views_join_condition_0__9] => group_content_type_5f2744ad5857a [:views_join_condition_0__10] => group_content_type_669c6fba9e6fd [:views_join_condition_0__11] => group_content_type_75e0a994a4c9b [:views_join_condition_0__12] => group_content_type_77335871d4f2a [:views_join_condition_0__13] => group_content_type_78c352d75da4f [:views_join_condition_0__14] => group_content_type_78fcaf395cd2d [:views_join_condition_0__15] => group_content_type_7acce48510f6b [:views_join_condition_0__16] => group_content_type_805c6b76215e0 [:views_join_condition_0__17] => group_content_type_8c4dd1a6ace68 [:views_join_condition_0__18] => group_content_type_8df5f5c3cf64d [:views_join_condition_0__19] => group_content_type_90656ed319282 [:views_join_condition_0__20] => group_content_type_a4a6ba2e1b664 [:views_join_condition_0__21] => group_content_type_a67b5f096c00e [:views_join_condition_0__22] => group_content_type_a6cb4a88dcfc7 [:views_join_condition_0__23] => group_content_type_a82a861f2c8bf [:views_join_condition_0__24] => group_content_type_ac81fd6e9a95b [:views_join_condition_0__25] => group_content_type_c56180f295162 [:views_join_condition_0__26] => group_content_type_c77a712e812b5 [:views_join_condition_0__27] => group_content_type_c921f01b582e1 [:views_join_condition_0__28] => group_content_type_db86376b47b2a [:views_join_condition_0__29] => group_content_type_dd463a21dd38a [:views_join_condition_0__30] => group_content_type_ddca4bdfff437 [:views_join_condition_0__31] => group_content_type_e3b11aa2d95ef [:views_join_condition_0__32] => group_content_type_edc6e9244c1a8 [:views_join_condition_0__33] => me-group_node-at_t_todo [:views_join_condition_0__34] => me-group_node-shorturl [:views_join_condition_0__35] => me-group_node-tag [:views_join_condition_0__36] => me-group_node-target [:views_join_condition_0__37] => me-group_node-l_log [:views_join_condition_0__38] => community-group_node-tag [:views_join_condition_0__39] => public-group_node-at_t_todo [:views_join_condition_0__40] => public-group_node-shorturl [:views_join_condition_0__41] => public-group_node-tag [:views_join_condition_0__42] => public-group_node-target [:views_join_condition_0__43] => public-group_node-l_log [:views_join_condition_0__44] => domain-group_node-domain [:views_join_condition_0__45] => domain-group_node-l_log )

CommentFileSizeAuthor
#20 interdiff-19-20.txt512 bytesmariacha1
#20 3212018-invalid-parameter-number-20.patch2.29 KBmariacha1
#19 interidff-16-19.txt946 bytesmariacha1
#19 3212018-invalid-parameter-number-19.patch2.3 KBmariacha1
#16 3212018-invalid-parameter-number.patch1.58 KBjsobiecki
#13 views_arg_order_sort-fix-error-using-all-argument-3212018-13.patch787 bytes_shy

Issue fork views_arg_order_sort-3212018

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

ViNCE created an issue. See original summary.

lamp5’s picture

lamp5
Primary language Polish
Location Rzeszow
commented
Version: 2.0.0-alpha1 » 2.x-dev

Steps to reproduce..... ?

-nrzr-’s picture

-nrzr- commented

We got the same issue.

Just update from older version or apply patch from:
https://www.drupal.org/project/views_arg_order_sort/issues/2982591

Also, if it helps, we are getting this issue on a media view.

-nrzr-’s picture

-nrzr- commented

I believe we found the issue:
$order_by = vsprintf($order_by, $items);

This function allows for anything coming from the Views argument to be injected into the OrderBy here:
$this->query->addOrderBy(NULL, $order_by, $order, $alias);

Meaning this is exposed to this security issue.

We will try to solve this by filtering each $item that is not explicity numeric.

But may not work for each case. This is a serious security problem and should be handled through the proper Drupal Security advisory.

johnrosswvsu’s picture

johnrosswvsu commented

I have encountered this issue as well. And this could be happening for example if there are two similar arguments.
nid for multiple value (nid)
nid for exclude (nid1)

The Sort is added on the first argument but the query tokens added is on the second nid instead, which usually is nid1.

rolandoscott’s picture

rolandoscott commented

Getting the same result, no matter the different options.. this module is broken as is, unless I am missing something?

demonde’s picture

demonde commented

I have the problem

Invalid parameter number: number of bound variables does not match number of tokens

for an argument ID

  • if the filter value is not available
  • and I display all results for the specified field
  • and I have an exception value 'all' and pass the argument 'all'.

In this case the argument sort order should be ignored but its not.

chucksimply’s picture

chucksimply commented

So is this module unusable then? I see the last release was 2 years ago.

chucksimply’s picture

chucksimply commented
Priority: Normal » Major
lamp5’s picture

lamp5
Primary language Polish
Location Rzeszow
commented

Hmmm, do you see any major issue to commit or any new feature to mark new release?

chucksimply’s picture

chucksimply commented

I just see this specific issue keeping the module unusable, and it going untouched for so long. I wish I could assist in contributing a solution, but it's beyond my skillset. Any further thoughts on this error/issue fix?

chucksimply’s picture

chucksimply commented

@lamp5, can you provide an update on this issue. Looks like the module is dead without a fix for it.

_shy’s picture

_shy
Primary language Ukrainian
Location Ukraine, Lutsk 🇺🇦
commented
StatusFileSize
new views_arg_order_sort-fix-error-using-all-argument-3212018-13.patch787 bytes

Hi guys.
I just took a quick look at this issue and provided a very short and dirty way how we can skip errors for the case when using 'all' as a contextual filter argument.
This patch shouldn't fix all cases and I created it only just as a workaround to handle specific cases.
Feel free to upgrade it and improve.

alexius’s picture

alexius commented

Patch from #13 working for me. Thanks, Diakuju @_shy.

jsobiecki’s picture

jsobiecki commented

I'm affected by this problem, and unfortunately patch #13 doesn't work. After some debugging, my impression is that root cause of issue is usage of placeholder() method in ArgOrderStort plugin:

    // Attempt to determine the number appended to the query substitutes.
    // Calling the placeholder function increments the placeholder count by 1,
    // so we subtract one to get the number that was used before.
    $placeholder_suffix = str_replace(':' . $left_table . '_' . $left_field, '', $this->query->placeholder($left_table . '_' . $left_field));
    if (!empty($placeholder_suffix) && intval($placeholder_suffix) > 1) {
      $placeholder_suffix = intval($placeholder_suffix) - 1;
    }

The placeholder generates a field placeholder name with dynamic suffix (number). It uses static variable to provide proper number for suffix. Each execution of placeholder() the method is increasing suffix for sql placeholder.

My scenario is that I have few views that are using same base table. As static variable is not being restarted for each view, the placeholder is increased and provides false (from the views_arg_order_sort) arguments. I'll try to rewrite the code to avoid placeholder() method. It generates unexpected side effects.

jsobiecki’s picture

jsobiecki commented
StatusFileSize
new 3212018-invalid-parameter-number.patch1.58 KB

I created the fix for reported issue. Instead of using placeholder() method, I decided to generate SQL query and use regular expression to count all suffixes. The project doesn't have regular test suite, but at my test cases this seemed to fix the issue.

jsobiecki’s picture

jsobiecki commented
Status: Active » Needs review

jsobiecki opened merge request !4

mariacha1’s picture

mariacha1 commented
StatusFileSize
new 3212018-invalid-parameter-number-19.patch2.3 KB
new interidff-16-19.txt946 bytes

For me, the patch at #16 wasn't solving the problem because it was a different problem (but the same one from #13). I was passing "all" to the contextual query, like this, if no sort is desired:

all/all

But this when a set of node ids (1, 2, or 3) was desired:

1+2+3/all

The example throwing the error in the description.

I'm adding a patch to go along with #16 to fix this case as well as that one.

mariacha1’s picture

mariacha1 commented
StatusFileSize
new 3212018-invalid-parameter-number-20.patch2.29 KB
new interdiff-19-20.txt512 bytes

Whoops, one more small change when combining these -- Patch #19 gives me:

ValueError: max(): Argument #1 ($value) must contain at least one element in max() (line 150 of modules/contrib/views_arg_order_sort/src/Plugin/views/sort/ArgOrderSort.php).

so I'm just bailing out of the function (like #13 does).

mariacha1’s picture

mariacha1 commented