i'm trying to retrieve info from my database using PDO.
The code i'm using is
$input = $_GET['input'];
$inputvalue = $_GET['inputvalue'];
$db = DB::get_instance();
$query = $db->prepare('SELECT * FROM hwidex7 WHERE :input=:inputvalue');
$query->bindParam(':inputvalue', $inputvalue);
$query->bindParam(':input', $input);
$query->execute();
You can't bind table or column as parameter in PDO
You can build your query as
$query = $db->prepare("SELECT * FROM hwidex7 WHERE `$input` =:inputvalue");
$query->bindParam(':inputvalue', $inputvalue);
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC);
print_r($result);
Both ways are wrong.
SELECT * FROM hwidex7 WHERE `HWID`='3087793810'
Just try above query.
You will get Idea for same.
Related
I'm having a problem running prepared queries on a MSSQL database using PDO. I can connect to the database and run SELECT queries with no parameters, but now I'm trying to run a simple SELECT query with one parameter, :user. However, the code does not return any values, despite the fact that there definitely is a database row with that value in. Here's the code I'm using:
$db = new PDO('dblib:host='.$dbHost.';dbname='.$dbName.';charset=utf8mb4',$dbUser, $dbPass);
$stmt = $db->prepare('SELECT * FROM customer WHERE email_address = :user ');
$stmt->bindValue(":user", $_SESSION["username"], PDO::PARAM_STR);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($result);
I receive no output from the var_dump. I know that in the database there is a correct row, so I tried:
$stmt = $db->prepare("SELECT * FROM customer WHERE email_address = 'the#email.com'");
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($result);
And yet still no value was returned. Am I doing something wrong with PDO? If I type this exact query into the query bar it runs.
you forgot to execute your query.
right after the paramter binding, put this code:
$stmt->execute();
Ok, I'm an idiot. Forgot to execute the query. Amended code for people in the same predicament:
$db = new PDO('dblib:host='.$dbHost.';dbname='.$dbName.';charset=utf8mb4',$dbUser, $dbPass);
$stmt = $db->prepare('SELECT * FROM customer WHERE email_address = :user ');
$stmt->bindValue(":user", $_SESSION["username"], PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($result);
I'm trying to query my sql database using PDO. There are instances in which there are quotes in my query.
function getPageByPagid($pagid) {
$db = dbConnection();
$sql = "SELECT * FROM pages WHERE pagid='".$pagid."'";
$q = $db->prepare($sql);
$q->setFetchMode(PDO::FETCH_ASSOC);
$q->execute();
$results = $q->fetch();
return $results;
}
The function I'm using does prepare my SQL so that it still should work if $pagid has quotes in it. Now it is working when there aren't quotes, but it still isn't when there are quotes. Why isn't this working?
P.S.: The quotes aren't escaped or anything in my database.
May be causing you have integer type of field and sending string try with
$sql = "SELECT * FROM pages WHERE pagid='$pagid'";
or better to use placeholder (PDO standard)
function getPageByPagid($pagid) {
$db = dbConnection();
$sql = "SELECT * FROM pages WHERE pagid= :pagid";
$q = $db->prepare($sql);
$q->bindParam(':pagid', $pagid);
$q->setFetchMode(PDO::FETCH_ASSOC);
$q->execute();
$results = $q->fetch();
return $results;
}
I know how to fetch a PDO array, but how do I collect data from it like you do with MySQLi's fetch_array?
For example,
MySQLi
$query = $mysqli->query("SELECT * FROM `foo` WHERE `ID`='1'");
$array = $query->fetch_array();
Getting a result
echo $array['bar'];
How would you do this with PDO? I understand you can do this:
PDO
$query = $pdo->prepare("SELECT * FROM `foo` WHERE `ID`='1'");
$query->execute();
$result = $query->fetchAll();
Getting the result
echo $result['bar'];
Does not return the same as MySQLi did
Am I doing something wrong, and is there a way of doing this?
fetchAll() is not the same as fetch_array().
You want fetch() to get one row, not fetchAll() which gets ALL rows.
$result = $query->fetch(PDO::FETCH_ASSOC);
I used to do :
$resource = mysql_query("SELECT * FROM table WHERE id = " . $id);
$user = mysql_fetch_assoc($resource);
echo "Hello User, your number is" . $user['number'];
I read that mysql statements are all deprecated and should not be used.
How can i do this with PDO?
The first line would be :
$stmt = $db->prepare("SELECT * FROM table WHERE id = " . $id); // there was an aditional double quote in here.
$stmt->execute(array(':id' => $id));
What about the mysql_fetch_assoc() function?
I am using php
You can use (PDO::FETCH_ASSOC) constant
Usage will be
while ($res = $stmt->fetch(PDO::FETCH_ASSOC)){
....
}
Here's the reference (documentation precisely) : http://www.php.net/manual/en/pdostatement.fetch.php
All well documentned in the manual: http://php.net/manual/en/pdostatement.fetchall.php
As example:
<?php
$sth = $dbh->prepare("SELECT name, colour FROM fruit");
$sth->execute();
/* Fetch all of the remaining rows in the result set */
print("Fetch all of the remaining rows in the result set:\n");
$result = $sth->fetchAll();
print_r($result);
?>
There is a nice manual right here.
From which you can learn what you don't need to set fetch mode explicitly with every fetch.
...and even what with PDO you don't need no arrays at all to echo a number:
$stmt = $db->prepare("SELECT number FROM table WHERE id = ?");
$stmt->execute(array($id));
echo "Hello User, your number is".$stmt->fetchColumn();
This is a nice tutorial:
http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
<?php
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$stmt = $db->query("SELECT * FROM table");
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($results);
?>
You can use PDO::FETCH_ASSOC for the same.
$stmt = $db->prepare("SELECT * FROM table WHERE id = :id");
$stmt->execute(array(':id' => $id));
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$stmt->execute();
while($record = $stmt->fetch()) {
//do something
}
You can find a good tutorial here
Is there a way to execute a SQL String as a query in Zend Framework?
I have a string like that:
$sql = "SELECT * FROM testTable WHERE myColumn = 5"
now I want to execute this string directly withput parsing it and creating a Zend_Db_Table_Select object from it "by hand". Or if thats possible create a Zend_Db_Table_Select object from this string, to execute that object.
How can I do that? I didn't find a solution for this in the Zend doc.
If you're creating a Zend_DB object at the start you can create a query using that. Have a look at this entry in the manual : https://framework.zend.com/manual/1.12/en/zend.db.statement.html
$stmt = $db->query(
'SELECT * FROM bugs WHERE reported_by = ? AND bug_status = ?',
array('goofy', 'FIXED')
);
Or
$sql = 'SELECT * FROM bugs WHERE reported_by = ? AND bug_status = ?';
$stmt = new Zend_Db_Statement_Mysqli($db, $sql);
If you are using tableGateway, you can run your raw SQL query using this statement,
$this->tableGateway->getAdapter()->driver->getConnection()->execute($sql);
where $sql pertains to your raw query. This can be useful for queries that do not have native ZF2 counterpart like TRUNCATE / INSERT SELECT statements.
You can use the same query in Zend format as
$select = db->select()->from(array('t' => 'testTable'))
->$where= $this->getAdapter()->quoteInto('myColumn = ?', $s);
$stmt = $select->query();
$result = $stmt->fetchAll();
Here is an example for ZF1:
$db =Zend_Db_Table_Abstract::getDefaultAdapter();
$sql = "select * from user"
$stmt = $db->query($sql);
$users = $stmt->fetchAll();