Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I am having some trouble getting my search query to work. I get this error:
PDOException: SQLSTATE[HY093]: Invalid parameter
$test = $_POST["test"];
$query='SELECT * FROM news WHERE name LIKE :search OR category LIKE :search';
$stmt = $dbh->prepare($query);
$stmt->bindValue(':search', '%' . $test . '%', PDO::PARAM_INT);
$stmt->execute();
foreach ($stmt as $row) {
echo $row ['id'];
echo $row ['name'];
}
it only works if i remove OR category LIKE :search
I believe it's because you are trying to re-use the same bind variable again. Try using a different one like
$query='SELECT * FROM news WHERE name LIKE :search OR category LIKE :search1';
$stmt = $dbh->prepare($query);
$stmt->bindValue(':search', '%' . $test . '%', PDO::PARAM_INT);
$stmt->bindValue(':search1', '%' . $test . '%', PDO::PARAM_INT);
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}
$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solves your problem But look mysqli_query to limit your SQL-injection vulnerability.
Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";
You can try this:
$id = (int) $_REQUEST['id']; // interger value
$sql = "select * from `user` where id = '$id' ";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have a query with some parameters that I bind with PDO. This is my code:
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
$query = $DBobj->dbConn->prepare($sql);
$query->bindValue(':marca', $marca, PDO::PARAM_STR);
$query->bindValue(':larghezza', $larghezza, PDO::PARAM_STR);
$query->execute();
But it does not work. I have this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\Users\mydoc\Documents\pjct\web_gomme_new\class\class.Pneumatico.php on line 116
What is the problem? I printed both variables used in binding function, and they have correct values.
I can not say for sure if this is the problem, but there is an error in your query. (missing space).
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza[ ]"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
See the brackets behind :larghezza.
Your query will end up being "..AND larghezza_pneumatici = :larghezzaGROUP BY altezza_pneumatici...".
You do not need to break up the SQL query string.
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici
WHERE sigla_produttore = :marca
AND larghezza_pneumatici = :larghezza
GROUP BY altezza_pneumatici
ORDER BY altezza_pneumatici ASC";
Is fine. Whitespace at end of each line. This should do the trick.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I am very new to PDO and I am trying to decode all the rows in my table "test" which contains special entities for instance "('L& eacute;on: The Professional')" instead of "Léon:The Professional".
So, here is what I tried:
<?php
require_once('connection.php');
$stmt = $conn->prepare("SELECT * from test");
$stmt->execute();
while ($results = $stmt->fetch()){
$b = html_entity_decode($stmt);
echo $b;
}
but I have no output printed..
Could someone kindly help me fix it?
prepare() returns a statement object ($stmt in your case)
fetch() returns associative array where the index would be the column name
$sql = "SELECT column1, column2, column3 from test";
$stmt = $conn->prepare($sql);
$stmt->execute();
$result = array()
while ($row = $stmt->fetch()){
$resutlt[] = array('column1' => html_entity_decode($row['column1']),
'column2' => html_entity_decode($row['column2']),
'column3' => html_entity_decode($row['column3'])
);
}
var_dump($result);
return $result;
EDIT: to replace the values
//prepare select
$sql = "SELECT id, column1, column2, column3 from test";
$stmt = $conn->prepare($sql);
$stmt->execute();
//prepare update
$update_sql = "UPDATE test SET column1=?,column2=?,column3=? WHERE id = ?;";
$update_stmt = $conn->prepare($update_sql);
while ($row = $stmt->fetch()){
//update
$update_stmt->execute(array(html_entity_decode($row['column1']),
html_entity_decode($row['column2']),
html_entity_decode($row['column3']),
$row['id']
);
}
You did not define $query, thus it has no execute() function. If you wish to execute your prepared statement, you should call $stmt->execute().
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
Well please help to correct syntax fo the following code. I have to select 2 values from one table and insert them in another table. one value is taking from PHP variable.this all needs to be done using Opencart model file
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the folowing error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18
You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So youre missing paranthesis for your values and you dind't surround correctly with quotes. So change as follow
VALUES ('".$ids."','".$sums"')");
So the complete query will look like that
("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES ('".$ids."','".$sums"')");
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I got this query to insert a row in my table, but it gives this error
Fatal error: Call to a member function bindParam() on a non-object in */misc/php/process.php on line 35
Code:
$query = mysqli_query($conn, "INSERT INTO pm (van,naar,status,admin,onderwerp,tijd,bericht) VALUES(:van,:naar,:status,:admin,:onderwerp,:tijd,:bericht)");
$stmt = $conn->prepare($query);
$stmt->bindParam(':van', $van); //<-- line 35
$stmt->bindParam(':naar', $naar);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':admin', $admin);
$stmt->bindParam(':onderwerp', $onderwerp);
$stmt->bindParam(':tijd', $tijd);
$stmt->bindParam(':bericht', $bericht);
$stmt->execute();
$stmt->close();
Your code should be:
$query = "INSERT INTO pm (van,naar,status,admin,onderwerp,tijd,bericht) VALUES(:van,:naar,:status,:admin,:onderwerp,:tijd,:bericht)";
$stmt = $conn->prepare($query);
This line:
$query = mysqli_query($conn, "INSERT INTO pm (van,naar,status,admin,onderwerp,tijd,bericht) VALUES(:van,:naar,:status,:admin,:onderwerp,:tijd,:bericht)");
is actually querying the database with that statement. It would make more sense as:
$result = mysqli_query($conn, "INSERT INTO pm (van,naar,status,admin,onderwerp,tijd,bericht) VALUES(:van,:naar,:status,:admin,:onderwerp,:tijd,:bericht)");
but you aren't looking for a result, but just a prepared statement, so follow my example above.