[Bug]: Error in SQL Syntax on GET /activities with modifiedSinceTimestamp parameter

[webdev-dp]

Expected behavior

When making a GET request to the /activities endpoint with the modifiedSinceTimestamp parameter, the API should return the relevant activities that have been modified since the provided timestamp. The SQL query should execute without any syntax errors, and the response should be accurate based on the specified timestamp.

Actual behavior

Currently, when making a GET request to the /activities endpoint with the modifiedSinceTimestamp parameter, the API returns a syntax error related to SQL execution. The error message displayed is as follows:

Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?) AND (1676560666)) dbal_count_tbl' at line 1

Steps to reproduce

To reproduce the issue, follow these steps:

• Make a GET request to the /activities endpoint.
• Include the modifiedSinceTimestamp parameter in the request.
• Set the value of the modifiedSinceTimestamp parameter to a specific timestamp (e.g., 1676560666).
• Observe the error message in the API response, indicating a syntax error in the SQL query execution.

Proposed Solution:
The issue arises from incorrect parameter binding in the SQL query. To fix this issue, the suggested solution is as follows:

Update the code implementation from:

if ($ts = $params->getModifiedSinceTimestamp()) {
    $select->where('modificationDate >= ?', $ts);
}

TO:

if ($ts = $params->getModifiedSinceTimestamp()) {
      $select->where('modificationDate >= ?');
      $select->setParameters([$ts]);
}

By implementing the correct parameter binding, the SQL query will execute properly, and the error message will be resolved.

[aryaantony92]

Fixed by #498