This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Using LIKE in bindParam for a MySQL PDO Query [duplicate]
(2 answers)
Closed 7 years ago.
I'm trying to get PDO to return the results of a wildcard search. My code is:
$search = "%Notes%";
$result = $db->prepare("SELECT * FROM books WHERE 'name' LIKE :search");
$result->bindParam(':search', $search);
$result->execute();
while($arr = $result->fetch(PDO::FETCH_ASSOC)){
echo $arr['name'];
}
At the moment, I get a blank screen. If I run the SQL through phpMyAdmin:
SELECT * FROM books WHERE name LIKE '%Notes%'
I get the appropriate result.
I assume it's something to do with the way I am formatting my PDO statement. I know you can't have a dynamic column name, but I don't see what is going wrong.
In your query you have 'name'; change that to backticks instead of quotes,
aka
$result = $db->prepare("SELECT * FROM `books` WHERE `name` LIKE :search");
You can also just remove the backticks.
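The difference between the quoted literal and the column, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO in place of MySQL, with constructed rows, and goes one step beyond the question by escaping `%` and `_` in user-supplied text (the `!` escape character and the function names are choices made for this example).

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (id INTEGER PRIMARY KEY, name TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO books (name) VALUES ('Field Notes'), ('100% Cotton'), ('Atlas')");

// 'name' in single quotes is a string literal; `name` in backticks is the column.
const SQL_LITERAL = "SELECT name FROM books WHERE 'name' LIKE :search ESCAPE '!'";
const SQL_COLUMN  = "SELECT name FROM books WHERE `name` LIKE :search ESCAPE '!'";

// Build a "contains" pattern from user text. A '%' or '_' typed by the user is
// escaped with '!' so it matches literally instead of acting as a wildcard.
function like_contains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// $sql is one of the two fixed constants above, never user input.
function search_books(PDO $db, string $sql, string $term): array
{
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':search', like_contains($term), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The literal 'name' is compared with the pattern, so no row can match.
var_dump(search_books($db, SQL_LITERAL, 'Notes'));
// The column value is compared with the pattern.
var_dump(search_books($db, SQL_COLUMN, 'Notes'));
// A user-typed percent sign is matched as a character, not as "anything".
var_dump(search_books($db, SQL_COLUMN, '%'));
```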
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
One of my MySQL columns contains a hyphen. While the query works fine when tested through a mysql browser, it returns the key rather than the value when using PHP mysqli_fetch_array($result).
The query I am running looks like this:
if($test_base_name==='isolation-mer') {
$test_name="`".$ds_channel[$i]."_isolation-mer`";
}
else {
$test_name=$ds_channel[$i]."_isolation-mer";
}
$query="select serial_number, $test_name from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_array($result)) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
...
The serial number is retrieved successfully. However, the $pass_fail variable always retrieves nothing. The test name is embedded with quotes. Even if I hardwire the key name within all kinds of quotes, it always retrieves the key and not the value.
This is an old version of PHP and I wonder if that is the issue. Perl has no issues with this.
PHP reads the below code as a variable and not as the name of your database column:
$pass_fail=$row[$test_name];
The below code should work:
$pass_fail=$row['$test_name'];
Using ...
select serial_number, 'isolation-noise' from table_name
means that 'isolation-noise' is a literal value which is selected and will return a result set of (e.g.)
1234,'isolation-noise'
1235,'isolation-noise'
whereas...
select serial_number, `isolation-noise` from table_name
using backticks, will return the actual value of the column.
Update:
When doing the assignment - you definitely shouldn't have backticks in the name of the field, so
$test_name=$ds_channel[$i]."_isolation-mer";
$query="select serial_number, `$test_name` from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_array($result)) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
So this always puts backticks round column name in the select statement and uses the raw name in fetching the data from the result set.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
Trying to do a school project; I essentially need to take the choice of animal from a dropdown menu and add the ID of that animal to the order table of the database. The dropdown is on a separate page, which works fine and posts the result to this page.
The code:
<?php
include_once("connect-db.php");
if(isset($_POST['Submit'])) {
$choice = $_POST['choice'];
$result = mysqli_query($mysqli, "SELECT * FROM animals WHERE AnimalSpecies=$choice");
while($res = mysqli_fetch_array($result))
{
$id = $res['AnimalID'];
}
$query = mysqli_query($mysqli, "INSERT INTO order('AnimalID') VALUES('$id')");
}
The connectdb file is fine; I have used it in another page. Additionally, $choice is working fine; I had it echo manually and it shows the right value. I don't get any error message; it just doesn't add anything to the order table.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I need to select a user with a particular name:
mysql_query('select * from user where screen_name='.$userName.'');
Can anyone help me see where I'm wrong?
Yes, wrong SQL:
mysql_query('select * from user where screen_name="'.$userName.'"');
mysql_query("select * from user where screen_name = '".$userName."';");
Better (in my mind)
$sql = "SELECT * FROM `user` WHERE `screen_name` = '".$userName."';";
mysql_query($sql);
Even better - use mysqli....
mysql_query("select * from user where screen_name='$userName'");
Try that.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This string works:
$sql = 'SELECT * FROM Bar_Info WHERE b_id=' .
$db->real_escape_string($_GET['b_id']);
However, this one does not:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink=' .
$db->real_escape_string($_GET["BarLink"]);
b_id are variables and BarLink are names of bars, some including hyphens. An example being: granite-city
Is there any reason the second example of code would not work?
You need to quote your SQL parameters:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink=\'' . $db->real_escape_string($_GET["BarLink"]).'\'';
The first query likely works because you just use numbers, but the second one uses a string.
PS: Quoting is necessary in both cases as otherwise you are vulnerable to SQL injection.
Strings in SQL queries have to be surrounded by quotation marks, while integers don't. So if "BarLink" contains strings, you'll have to add those:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink="' . $db->real_escape_string($_GET["BarLink"]).'"';
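Why escaping without quoting does not protect the `b_id` query, and how bound parameters handle both columns, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO in place of the mysqli connection; `escape_only()` is a hypothetical stand-in for `real_escape_string()`, and the rows and input are constructed.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the mysqli connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Bar_Info (b_id INTEGER PRIMARY KEY, BarLink TEXT)");
// Constructed rows.
$db->exec("INSERT INTO Bar_Info (BarLink) VALUES ('granite-city'), ('old-town'), ('o''malleys')");

// Hypothetical stand-in for real_escape_string(): it neutralises quote
// characters and nothing else.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// "Before": escaped but not quoted, the shape of the question's b_id query.
function find_by_id_unquoted(PDO $db, string $id): array
{
    $sql = 'SELECT * FROM Bar_Info WHERE b_id=' . escape_only($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the value is validated as an integer and bound, never spliced in.
function find_by_id(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT * FROM Bar_Info WHERE b_id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Strings with hyphens or apostrophes need no manual quoting when bound.
function find_by_link(PDO $db, string $link): array
{
    $stmt = $db->prepare('SELECT * FROM Bar_Info WHERE BarLink = :link');
    $stmt->execute([':link' => $link]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 OR 1=1'; // constructed; contains nothing an escaper would change
printf("unquoted concat: %d row(s)\n", count(find_by_id_unquoted($db, $input)));
printf("bound integer:   %d row(s)\n", count(find_by_id($db, $input)));
printf("granite-city:    %d row(s)\n", count(find_by_link($db, 'granite-city')));
printf("o'malleys:       %d row(s)\n", count(find_by_link($db, "o'malleys")));
```

The unquoted query returns every row for the constructed input because the escaper leaves it unchanged and the database parses it as SQL; the bound version returns none.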
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 8 years ago.
I'm having trouble figuring out what I'm doing wrong. If I use this set of code I get the result I intend:
$x = $db->prepare('SELECT * FROM table LIMIT 2');
$x->execute();
print_r($x->fetchALL());
When I use this set of code I don't get anything in return:
$a = "table";
$b = "2";
$x = $db->prepare('SELECT * FROM ? LIMIT ?');
$x->execute(array($a,$b));
print_r($x->fetchALL());
Is there something I'm missing? Thanks in advance.
Parameter placeholders can only be used to replace column values; not table names, column names, or other syntax elements (including LIMIT values).
In order to make your query dynamic with respect to things that can't be parameterized, you have to build it yourself, without PDO's help. However, you should still build it so that the values that can be parameterized are parameterized.
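One way to build such a query, as an added example that is not part of the original posts: identifiers come from an allow-list and are wrapped in backticks, the LIMIT is forced to a bounded integer, and the remaining value is bound. It also covers the hyphenated column name from the earlier question on this page. The table, the column names, the allow-list and the function name are assumptions made for this example, and in-memory SQLite through PDO stands in for MySQL.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE readings (serial_number INTEGER, `ch1_isolation-mer` TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO readings VALUES (1234, 'pass'), (1235, 'fail'), (1236, 'pass')");

// Hypothetical allow-list: the only identifiers that may reach the SQL text.
const ALLOWED = [
    'readings' => ['serial_number', 'ch1_isolation-mer'],
];

function select_column(PDO $db, string $table, string $column, int $minSerial, int $limit): array
{
    $columns = array_key_exists($table, ALLOWED) ? ALLOWED[$table] : [];
    if (!in_array($column, $columns, true)) {
        throw new InvalidArgumentException('table or column is not on the allow-list');
    }
    // LIMIT is not bound here; it is typed as int and clamped before use.
    $limit = max(1, min($limit, 100));

    // Backticks go around the identifiers in the SQL text only.
    $sql = "SELECT serial_number, `$column` FROM `$table` "
         . "WHERE serial_number >= :min ORDER BY serial_number LIMIT $limit";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':min', $minSerial, PDO::PARAM_INT); // a value, so it is bound
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The result rows are keyed by the raw column name, without backticks.
foreach (select_column($db, 'readings', 'ch1_isolation-mer', 1235, 2) as $row) {
    echo $row['serial_number'], ' ', $row['ch1_isolation-mer'], "\n";
}

// An identifier that is not on the list never reaches the database.
try {
    select_column($db, 'readings', 'not_a_column', 0, 2);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```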