Problems with search query using php and mysql - php

I just want a direct answer and explanation why my prior query works but the latter does not.
Here is the query that works just fine:
$sql = "SELECT * FROM productslist WHERE brand LIKE ?";
And this doesn't work at all and just returns an error:
$sql = 'SELECT * FROM productslist WHERE brand LIKE "%'.$search_string.'%"';
Can someone please explain to me why the latter query doesn't work at all?
Thanks in advance.

I tested the query with a table on my own DB. Worked fine... I used a constant.
Try mysqli_real_escape_string:
$search_string = mysqli_real_escape_string($conn, $search_string);
$sql = 'SELECT * FROM productslist WHERE brand LIKE "%'. $search_string .'%"';

Try this with PDO (Edit: Including PDO connection string since he didn't specify if he was using PDO) -
$dbh = new PDO("mysql:host=$your_server;dbname=$database_name", $username, $password);
$sql = "SELECT * FROM productslist WHERE brand LIKE :search";
$query = $dbh->prepare($sql);
$query->bindValue(":search", "%$search_string%");
$query->execute();
$result = $query->fetchAll(PDO::FETCH_ASSOC);

Related

Nothing appears when calling data from the database when uploading query

I am using localhost and a database from phpMyAdmin.
In PHP:
<?php
$pdo = new PDO("mysql:host=localhost;port=3306;dbname=site_1", "root", "");
$query = "SELECT * FROM comment_v1";
$stmt = $pdo->prepare($query);
$avatars = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($avatars);
?>
Output:
Array ( )
I am working on a games download site and I created 4 tables for now, and all scripts are working 100% without problems and the query is the same, but when I try to SELECT anything from table comment_v1 nothing appears and I don't know the reason. So I tried to disable all the old queries in the scripts, but I got the same result. But when I try code to SELECT the old queries again it shows nothing, knowing that the old queries are still working for now, and I don't know why when I try to SELECT them again it shows me nothing.
Have you tried adding an execute() function before the fetchAll()?
Something like:
<?php
$pdo = new PDO("mysql:host=localhost;port=3306;dbname=site_1", "root", "");
$query = "SELECT * FROM comment_v1";
$stmt = $pdo->prepare($query);
$stmt->execute(); // execute() returns a bool, so keep $stmt as the statement object
$avatars = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($avatars);
?>

PHP SQL prepared select query not returning anything

When I run the code below, it returns nothing. When I explicitly type a string in the place of the '?', it will return the expected result but using the prepared version has not worked for me thus far. I do not believe there is any kind of versioning issue as using prepared statements for INSERT queries has worked for me in the past. What might be the problem here with the prepared statement?
$pdo = new PDO("mysql:host=localhost;dbname=database", $user, $pass);
$sql = "SELECT * FROM table WHERE column LIKE '%?%';";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_GET['searchterm']));
$results = $stmt->fetchAll();
print_r($results);
You are preparing the value so it isn't behaving as if you just put the string inside of the query.
When preparing a string you don't need to add " or ', that is done for you. You need to add the %'s into the value that you are escaping.
$pdo = new PDO("mysql:host=localhost;dbname=database", $user, $pass);
$sql = "SELECT * FROM table WHERE column LIKE ?;";
$stmt = $pdo->prepare($sql);
$stmt->execute(array("%{$_GET['searchterm']}%"));
$results = $stmt->fetchAll();
print_r($results);

Why does this sql query not work in pdo?

I'm trying to retrieve info from my database using PDO.
The code I'm using is
$input = $_GET['input'];
$inputvalue = $_GET['inputvalue'];
$db = DB::get_instance();
$query = $db->prepare('SELECT * FROM hwidex7 WHERE :input=:inputvalue');
$query->bindParam(':inputvalue', $inputvalue);
$query->bindParam(':input', $input);
$query->execute();
You can't bind a table or column as a parameter in PDO.
You can build your query as
$query = $db->prepare("SELECT * FROM hwidex7 WHERE `$input` =:inputvalue");
$query->bindParam(':inputvalue', $inputvalue);
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC);
print_r($result);
Both ways are wrong.
SELECT * FROM hwidex7 WHERE `HWID`='3087793810'
Just try the above query.
You will get the idea.
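
Since a column name cannot be bound, it has to be interpolated, and a name taken straight from `$_GET` then becomes part of the SQL text. The following is an added example, not code from any of the posts above: it checks the requested column against a fixed allowlist before building the query. It assumes an in-memory SQLite database through PDO, a constructed `hwidex7` table with a hypothetical `username` column, and a hypothetical `findByColumn()` helper.

```php
<?php
// Added example: allowlist a user-chosen column before it reaches the SQL text.
// Constructed schema; only the table name hwidex7 and the column HWID come from the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hwidex7 (HWID TEXT, username TEXT)');
$db->exec("INSERT INTO hwidex7 VALUES ('3087793810', 'alice'), ('1111111111', 'bob')");

// Columns a caller may filter on (assumed list). Anything else is rejected outright.
const FILTERABLE_COLUMNS = ['HWID', 'username'];

function findByColumn(PDO $db, string $input, string $inputvalue): array
{
    // Strict comparison: the request value must equal an allowlisted name exactly.
    if (!in_array($input, FILTERABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('Unsupported filter column');
    }
    // $input is now one of our own constants, so interpolating it is safe.
    // The value still travels as a bound parameter.
    $stmt = $db->prepare("SELECT * FROM hwidex7 WHERE `$input` = :inputvalue");
    $stmt->bindValue(':inputvalue', $inputvalue);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Allowlisted column with a bound value.
print_r(findByColumn($db, 'HWID', '3087793810'));

try {
    // Constructed request value that is not an allowlisted column name.
    findByColumn($db, 'HWID OR 1=1', 'x');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```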

php sqlite3 - get result from prepared statement

All the examples and documentation didn't really help or even offer an example for this so I'm gonna ask here:
$db = new SQLite3(database.db);
$stmt = $db->prepare('SELECT COUNT(uid) FROM kunden WHERE date = :date');
$stmt->bindValue(':ldate',$today,SQLITE3_TEXT);
$result = $stmt->execute;
How can I get the result from that prepared statement? I know execute is not supposed to return a result. I tried using query and query_single but that didn't work. var_dump($result->fetchArray()); also didn't work. Help is much appreciated.
SQLite3Stmt::execute() is a function, and needs to be called as such:
$db = new SQLite3('database.db');
$stmt = $db->prepare('SELECT COUNT(uid) FROM kunden WHERE date = :date');
$stmt->bindValue(':date',$today,SQLITE3_TEXT); // placeholder name must match :date in the query
$result = $stmt->execute();
You can then fetch the result like this:
$array = $result->fetchArray();
echo $array['COUNT(uid)'];

php bindParam not working with LIKE statement

I'm connecting to my database through a PDO and I'm preparing this statement and then binding the parameter:
$stmt = $conn->prepare("SELECT * FROM movies WHERE movie_name LIKE '%:mName%'");
$stmt->bindParam(':mName', $moviename);
It doesn't find anything in the database but if I do it like this, it works:
$stmt = $conn->prepare("SELECT * FROM movies WHERE movie_name LIKE '%". $moviename . "%'");
This is the full code, below:
<?php
function Search_movie(){
    $conn = new PDO('mysql:host=localhost;dbname=cinema;charset=utf8', 'root');
    $moviename = 'cloud';
    $stmt = $conn->prepare("SELECT * FROM movies WHERE movie_name LIKE '%:mName%'");
    $stmt->bindParam(':mName', $moviename);
    var_dump($stmt);
    $stmt->execute();
    $data = $stmt->fetch(PDO::FETCH_ASSOC);
    print "<br>";
    var_dump($data);
}
Search_movie();
?>
Can anybody tell me why it works that way?
The solution would be to not include the % in your query but in your param, as it is part of the search expression and not a "flag" of LIKE:
$stmt = $conn->prepare("SELECT * FROM movies WHERE movie_name LIKE :mName");
$stmt->bindValue(':mName', '%' . $moviename . '%'); // bindValue, since bindParam needs a variable passed by reference
Note that you don't have to put the single quotes around the parameter, since PDO will be dealing with this on its own.
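
The LIKE answers above (for `productslist`, `table` and `movies`) all move the `%` into the bound value. Binding keeps the value out of the SQL text, but `%` and `_` typed by the user still act as wildcards inside the pattern. The following is an added example, not code from any of the posts: it escapes those characters before binding. It assumes an in-memory SQLite database through PDO, a constructed `movies` table, `!` as the escape character, and hypothetical helpers `likeContains()` and `searchMovies()`.

```php
<?php
// Added example: bind a LIKE pattern and neutralise wildcards in user input.
// Constructed data; only the movies table and movie_name column come from the page.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE movies (movie_name TEXT)');
$conn->exec("INSERT INTO movies VALUES ('Cloud Atlas'), ('100% Wolf'), ('Up')");

// Escape the LIKE metacharacters (% and _) and the escape character itself,
// so the user's text is matched literally inside the surrounding %...%.
// The escape character is handled first so the ones added afterwards are not doubled.
function likeContains(string $term, string $escape = '!'): string
{
    $escaped = str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
    return '%' . $escaped . '%';
}

function searchMovies(PDO $conn, string $moviename): array
{
    // No quotes around :mName; the ESCAPE clause names the same character as likeContains().
    $stmt = $conn->prepare(
        "SELECT movie_name FROM movies WHERE movie_name LIKE :mName ESCAPE '!'"
    );
    $stmt->bindValue(':mName', likeContains($moviename));
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Ordinary substring search.
print_r(searchMovies($conn, 'cloud'));
// A lone percent sign is searched for as a literal character, not as "match everything".
print_r(searchMovies($conn, '%'));
// Likewise an underscore is a literal underscore, not "any single character".
print_r(searchMovies($conn, '_'));
```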
