PDO bind param loop [duplicate] - php

I want to execute the following MySQL query:
SELECT * FROM `gc_users` WHERE `name` LIKE '%anyname%'
I tried this without success:
// Attempt 1: bindParam() binds by reference and needs a variable, so passing the
// temporary expression "%" . $name . "%" fails.
$stmt = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE :name");
$stmt->bindParam(':name', "%" . $name . "%");
$stmt->execute();
// Attempt 2: ':name' inside a quoted string literal is plain text to the parser,
// not a placeholder, so there is nothing to bind to.
$stmt = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE '%:name%'");
$stmt->bindParam(':name', $name);
$stmt->execute();
So I ask you if it is possible to use the % wildcard with prepared statements.
Edit:
Thank you. It's working with bindValue:
$stmt = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE :name");
$stmt->bindValue(':name', '%' . $name . '%');
$stmt->execute();

It can work with bindParam too, in the following way (the pattern is built into a variable first, which bindParam can reference):
$name = "%$name%";
$query = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` like :name");
$query->bindParam(':name', $name);
$query->execute();

This could be an alternative:
// mysqli syntax (bind_param with a type string), not PDO; $query is a mysqli_stmt here
$className = '%' . $this->className . '%';
$query->bind_param('s', $className);
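Binding the pattern as the answers above do stops SQL injection, but it does not neutralise the LIKE metacharacters `%` and `_` in the user's input: a `$name` of `%` would match every row, and `a_c` would also match `abc`. The following is an added example, not code from the original question or answers; it assumes a PDO connection in `$dbh` and the `gc_users` table from the question, and the helper `likeContains()` and the choice of `!` as the escape character are the editor's own.

```php
<?php
// Added example, not code from the original post or answers. Assumes a PDO
// connection in $dbh and the gc_users table from the question.

/**
 * Build a LIKE pattern that matches $needle literally anywhere in the column.
 * Binding stops SQL injection, but it does not neutralise the LIKE
 * metacharacters: a $name of "%" would match every row and "a_c" would also
 * match "abc". Escape them and declare the escape character to the server.
 */
function likeContains(string $needle, string $esc = '!'): string
{
    // Escape the escape character itself first, then the two wildcards.
    $escaped = str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $needle
    );
    return '%' . $escaped . '%';
}

function findUsersByName(PDO $dbh, string $name): array
{
    // ESCAPE '!' tells the server which character un-wildcards % and _.
    // A non-backslash escape avoids the double-escaping confusion that
    // backslashes cause across MySQL, SQLite and PostgreSQL.
    $stmt = $dbh->prepare(
        "SELECT * FROM `gc_users` WHERE `name` LIKE :name ESCAPE '!'"
    );
    $stmt->bindValue(':name', likeContains($name), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs and the pattern each one produces:
//   likeContains('anyname') === '%anyname%'
//   likeContains('%')       === '%!%%'     (a literal percent sign, not "every row")
//   likeContains('a_c')     === '%a!_c%'
//   likeContains('50!')     === '%50!!%'
```

The escaping happens in PHP before the value is bound, so the SQL text stays constant and the server sees exactly one parameter; the `ESCAPE` clause is what makes the `!` prefix meaningful to the `LIKE` operator.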

Related

PHP MySQL SELECT Statement with bindparam doesn't work

This is my code:
function getUsers($connection, $username) {
    $sql = "SELECT * FROM users where username = ?";
    $stmt = $connection->prepare($sql);
    // "s" is mysqli's type string; PDO binds a ? placeholder by its 1-based position
    $stmt->bindParam("s", $username, PDO::PARAM_STR);
    // execute() is never called, so fetchAll() has no result set to read
    return $stmt->fetchAll();
}
$voornaam = "dave";
$users = getUsers($connection, $voornaam);
print_r($users);
When I open my webpage, I get an empty Array.
I checked, and there is a user with the username "dave" in my database.
This should work, however, it doesn't...
Anyone knows what I did wrong?
Thanks in advance.
First, you have to execute it before using fetchAll():
$stmt->execute();
$result = $stmt->fetchAll();
This is the correct way:
$stmt = $connection->prepare('SELECT * FROM users where username = :username');
$stmt->bindParam(':username', $username);
If you want to use ?, the position of the ? in the query determines the index you pass to bindParam; use it like this:
$sql = "SELECT * FROM users where username = ?";
$stmt = $connection->prepare($sql);
$stmt->bindParam(1, $username, PDO::PARAM_STR);
More examples:
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
Instead of using
$stmt->bindParam("s", $username, PDO::PARAM_STR);
you need to use
$stmt->bindParam(1, $username, PDO::PARAM_STR);
Check this link for details https://www.php.net/manual/en/pdostatement.bindparam
Check Example #2 there, "Execute a prepared statement with question mark placeholders".
This is the correct way
function getUsers($connection, $username) {
    $sql = "SELECT * FROM users where username = ?";
    $stmt = $connection->prepare($sql);
    $stmt->bindParam(1, $username, PDO::PARAM_STR); // positional placeholder, index 1
    $stmt->execute();                               // run it before fetching
    return $stmt->fetchAll();
}

Why does this SQL query return false when I try to bind values (even with a prepared statement)?

I tried to solve it with PDO and mysqli prepared statements, but it still returns false. So something is probably wrong with the SQL statement only, but I don't know what exactly.
// Single-quoted PHP string: {$start} and {$pagesOnSite} are NOT interpolated, so the
// SQL literally ends in "LIMIT {$start},{$pagesOnSite}", which is a syntax error.
// "text" in double quotes is a string literal to MySQL (unless ANSI_QUOTES is set),
// so that condition compares the constant 'text', not the column.
$query = $db->prepare('SELECT * FROM bricks WHERE "text" LIKE CONCAT("%", :phrase, "%") AND tags LIKE CONCAT("%", :tag, "%") ORDER BY hearts DESC LIMIT {$start},{$pagesOnSite}');
$query->bindValue(':phrase', $phrase, PDO::PARAM_STR);
$query->bindValue(':tag', $tag, PDO::PARAM_STR);
$query->execute();
I also tried it this way:
// mysqli form: same problem, the single-quoted string still contains the
// unexpanded {$start},{$pagesOnSite} text
$sql = 'SELECT * FROM bricks WHERE "text" LIKE CONCAT("%", ?, "%") AND tags LIKE CONCAT("%", ?, "%") ORDER BY hearts DESC LIMIT {$start},{$pagesOnSite}';
$stmt = $db->prepare($sql);
$stmt->bind_param("ss", $phrase, $tag);
$stmt->execute();
If you want to bind some text literal surrounded by wildcards, then you should build that entire string value in your PHP code. Then, bind it to your statement.
// The paging values are interpolated into the SQL text (double-quoted string),
// so they must be integers; cast them first so a non-numeric value cannot
// change the statement.
$start       = (int) $start;
$pagesOnSite = (int) $pagesOnSite;
$sql = "SELECT * FROM bricks ";
$sql .= "WHERE text LIKE :phrase AND tags LIKE :tag ";
$sql .= "ORDER BY hearts DESC LIMIT {$start}, {$pagesOnSite}";
$query = $db->prepare($sql);
$query->bindValue(':phrase', '%'.$phrase.'%', PDO::PARAM_STR);
$query->bindValue(':tag', '%'.$tag.'%', PDO::PARAM_STR);
$query->execute();
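The answer above still splices `{$start}` and `{$pagesOnSite}` into the SQL string. LIMIT and OFFSET can be bound like any other value as long as they are bound as integers; the following is an added example, not code from the original answer. It assumes a PDO MySQL connection in `$db` and the `bricks` table from the question; the DSN, credentials, the `searchBricks()` function and the page-size cap are the editor's own.

```php
<?php
// Added example, not code from the original answer. Assumes a PDO MySQL
// connection and the bricks(text, tags, hearts) table from the question.
// DSN and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
    PDO::ATTR_EMULATE_PREPARES => false,                  // server-side prepares: values never enter the SQL text
]);

function searchBricks(PDO $db, string $phrase, string $tag, int $page, int $perPage): array
{
    // Clamp the paging input before it gets near the query.
    $perPage = max(1, min($perPage, 100));
    $offset  = max(0, $page) * $perPage;

    $sql = 'SELECT * FROM bricks
            WHERE `text` LIKE :phrase AND tags LIKE :tag
            ORDER BY hearts DESC
            LIMIT :limit OFFSET :offset';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':phrase', '%' . $phrase . '%', PDO::PARAM_STR);
    $stmt->bindValue(':tag',    '%' . $tag . '%',    PDO::PARAM_STR);
    // LIMIT/OFFSET must be bound as PDO::PARAM_INT with int values. With the
    // default PARAM_STR and emulated prepares, PDO would emit LIMIT '10', which
    // MySQL rejects; with native prepares the server needs an integer parameter.
    $stmt->bindValue(':limit',  $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset,  PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: second page of ten results, no string interpolation anywhere.
$rows = searchBricks($db, 'lego', 'red', 1, 10);
```

`execute()` with an array of values would not work here, because every value passed that way is bound as a string; the explicit `bindValue(..., PDO::PARAM_INT)` calls are the point of the example.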

Unable to insert into database in Laravel

I have the code below in a Laravel Model (class) to insert into the database,
but I get the error:
PDOException in ... SQLSTATE[42000]: syntax error ...
public function Add_new($Desc, $Cat_Name, $Loc_Name, $Loc_Des, $Comment, $Ven_Name)
{
    $pdo = DB::connection()->getPdo();
    // Several statements in one prepare(): Laravel turns emulated prepares off,
    // and MySQL's native prepared-statement protocol accepts only one statement
    // per prepare(), so this is rejected with a syntax error.
    // Note also that '#' starts a comment in MySQL; user variables are written @id1.
    $stmt = $pdo->prepare('
    INSERT INTO itinv_category (name)
    VALUES (:Cat_Name);
    INSERT INTO itinv_location (name, Description)
    VALUES (:Loc_Name,:Loc_Des);
    INSERT INTO itinv_comment (text)
    VALUES (:Comment);
    INSERT INTO itinv_vendor (name)
    VALUES (:Ven_Name);
    SET #id1 = (SELECT MAX(id) FROM itinv_vendor);
    SET #id2 = (SELECT MAX(id) FROM itinv_comment);
    SET #id3 = (SELECT MAX(id) FROM itinv_location);
    SET #id4 = (SELECT MAX(id) FROM itinv_category);
    INSERT INTO itinv_inventory (category_id,location_id,vendor_id,comment_id,Description)
    VALUES (#id4,#id3,#id1,#id2,:Desc);
    ');
    $stmt->bindValue('Cat_Name', $Cat_Name);
    $stmt->bindValue('Loc_Name', $Loc_Name);
    $stmt->bindValue('Loc_Des', $Loc_Des);
    $stmt->bindValue('Comment', $Comment);
    $stmt->bindValue('Desc', $Desc);
    // :Ven_Name is never bound
    $stmt->execute();
}
You are missing the Ven_Name:
$stmt->bindValue('Ven_Name', $Ven_Name);
I solved the problem. It was about PDO, which cannot run multiple MySQL queries; we need to execute each query separately, like below:
public function Add_new($Desc, $Cat_Name, $Loc_Name, $Loc_Des, $Comment, $Ven_Name)
{
    // One statement per prepare(). Values are bound rather than concatenated
    // into the SQL, so the input cannot alter the statements.
    $stmt1 = 'INSERT INTO itinv_category (name) VALUES (:name)';
    $stmt2 = 'INSERT INTO itinv_location (name, Description) VALUES (:name, :desc)';
    $stmt3 = 'INSERT INTO itinv_comment (text) VALUES (:text)';
    $stmt4 = 'INSERT INTO itinv_vendor (name) VALUES (:name)';
    $stmt5 = 'SELECT MAX(id) AS id FROM itinv_vendor';
    $stmt6 = 'SELECT MAX(id) AS id FROM itinv_comment';
    $stmt7 = 'SELECT MAX(id) AS id FROM itinv_location';
    $stmt8 = 'SELECT MAX(id) AS id FROM itinv_category';
    $pdo = \DB::connection()->getPdo();
    $stmt = $pdo->prepare($stmt1);
    $stmt->execute([':name' => $Cat_Name]);
    $stmt = $pdo->prepare($stmt2);
    $stmt->execute([':name' => $Loc_Name, ':desc' => $Loc_Des]);
    $stmt = $pdo->prepare($stmt3);
    $stmt->execute([':text' => $Comment]);
    $stmt = $pdo->prepare($stmt4);
    $stmt->execute([':name' => $Ven_Name]);
    // MAX(id) is the row just inserted only while no other client inserts in
    // between; $pdo->lastInsertId() is per-connection and has no such race.
    $stmt = $pdo->prepare($stmt5);
    $stmt->setFetchMode(\PDO::FETCH_ASSOC);
    $stmt->execute();
    $arr = $stmt->fetchAll();
    $Ven_ID = $arr[0]['id'];
    $stmt = $pdo->prepare($stmt6);
    $stmt->setFetchMode(\PDO::FETCH_ASSOC);
    $stmt->execute();
    $arr = $stmt->fetchAll();
    $Comment_ID = $arr[0]['id'];
    $stmt = $pdo->prepare($stmt7);
    $stmt->setFetchMode(\PDO::FETCH_ASSOC);
    $stmt->execute();
    $arr = $stmt->fetchAll();
    $Loc_ID = $arr[0]['id'];
    $stmt = $pdo->prepare($stmt8);
    $stmt->setFetchMode(\PDO::FETCH_ASSOC);
    $stmt->execute();
    $arr = $stmt->fetchAll();
    $Cat_ID = $arr[0]['id'];
    $stmt = $pdo->prepare('INSERT INTO itinv_inventory (category_id,location_id,vendor_id,comment_id,Description)
    VALUES (:Cat_ID,:Loc_ID,:Ven_ID,:Comment_ID,:Desc)');
    $stmt->bindValue('Cat_ID', $Cat_ID);
    $stmt->bindValue('Loc_ID', $Loc_ID);
    $stmt->bindValue('Comment_ID', $Comment_ID);
    $stmt->bindValue('Ven_ID', $Ven_ID);
    $stmt->bindValue('Desc', $Desc);
    $stmt->execute();
}
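Splitting the batch into single statements is the right conclusion, but two things a practitioner would still want are bound values for every insert and a way to get the new ids that does not depend on `SELECT MAX(id)` (which returns another client's row if they insert concurrently), with all five inserts in one transaction so a failure half-way leaves nothing behind. The following is an added example, not the poster's code; it assumes the `itinv_*` tables from the question with `AUTO_INCREMENT` `id` columns and a PDO handle from `DB::connection()->getPdo()` with exceptions enabled (Laravel's default). The function name `addNewInventoryItem()` and the closure helper are the editor's own.

```php
<?php
// Added example, not the poster's code. Assumes the itinv_* tables from the
// question with AUTO_INCREMENT id columns and a PDO handle configured with
// PDO::ERRMODE_EXCEPTION, as Laravel's DB::connection()->getPdo() is.

function addNewInventoryItem(
    PDO $pdo,
    string $desc,
    string $catName,
    string $locName,
    string $locDesc,
    string $comment,
    string $venName
): int {
    // Run one parameterised INSERT and return the id it generated.
    $insert = function (string $sql, array $params) use ($pdo): int {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        // lastInsertId() reads MySQL's LAST_INSERT_ID(), which is tracked per
        // connection, so other clients' inserts cannot be returned here.
        return (int) $pdo->lastInsertId();
    };

    $pdo->beginTransaction();
    try {
        $catId = $insert(
            'INSERT INTO itinv_category (name) VALUES (:name)',
            [':name' => $catName]
        );
        $locId = $insert(
            'INSERT INTO itinv_location (name, Description) VALUES (:name, :desc)',
            [':name' => $locName, ':desc' => $locDesc]
        );
        $comId = $insert(
            'INSERT INTO itinv_comment (text) VALUES (:text)',
            [':text' => $comment]
        );
        $venId = $insert(
            'INSERT INTO itinv_vendor (name) VALUES (:name)',
            [':name' => $venName]
        );
        $invId = $insert(
            'INSERT INTO itinv_inventory
                 (category_id, location_id, vendor_id, comment_id, Description)
             VALUES (:cat, :loc, :ven, :com, :desc)',
            [':cat' => $catId, ':loc' => $locId, ':ven' => $venId,
             ':com' => $comId, ':desc' => $desc]
        );
        $pdo->commit();
        return $invId;
    } catch (Throwable $e) {
        // Any failure (constraint violation, lost connection) undoes the
        // partial inserts instead of leaving orphan category/location rows.
        $pdo->rollBack();
        throw $e;
    }
}

// Usage from the model method in the question:
// $id = addNewInventoryItem(\DB::connection()->getPdo(),
//                           $Desc, $Cat_Name, $Loc_Name, $Loc_Des, $Comment, $Ven_Name);
```

Each `execute()` receives its values as an array, so nothing from the caller is ever concatenated into a statement, and the transaction makes the five inserts succeed or fail as a unit.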

Mysqli prepared statements SUM column value

I am trying to sum the values from a column using a mysqli prepared statement with the code below, but it is not working. Can anyone help me by pointing out what I am doing wrong? Thanks!
$stmt2 = $mysqli->prepare("SELECT SUM(col) as total FROM tb_a WHERE user=?");
$stmt2->bind_param("s", $user);
$stmt2->execute();
$op_row = $stmt2->fetch_assoc(); // mysqli_stmt has no fetch_assoc(); that method belongs to mysqli_result
echo $op_row['total'];
Give this a go:
$user = "Larry"; // example
$stmt = $mysqli->prepare("SELECT SUM(col) FROM tb_a WHERE user=?");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->bind_result($total);
$stmt->fetch();
echo $total;
or
$user = "Robert"; // example
$stmt = $mysqli->prepare("SELECT SUM(col) FROM tb_a WHERE user=?");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->bind_result($total);
while ($stmt->fetch()) {
echo $total;
}
Try this:
$stmt2 = $mysqli->prepare("SELECT SUM(col) as total FROM tb_a WHERE user=?");
$stmt2->bind_param("s", $user);
$stmt2->execute();
$res = $stmt2->get_result();  // mysqli_result; get_result() requires the mysqlnd driver
$row = $res->fetch_assoc();   // $row['total'] is NULL when no row matches
The prepared statement object does not have a fetch_assoc() method, so you should first call get_result(); the result object it returns has fetch_assoc().
Try this
$conn = new mysqli('localhost', 'user', 'secret', 'db'); // connection details are placeholders
$sum = "SELECT SUM(col) as total FROM tb_a WHERE user=?";
$stmt = $conn->prepare($sum);
$stmt->bind_param("s", $user);
$stmt->execute();            // returns true/false, not the sum
$stmt->bind_result($total);  // read the aggregate into $total
$stmt->fetch();
echo $total;

Parameter binding fails where concatenation works

I am trying to execute the following sql from php using pdo: SELECT * FROM my_table WHERE name=?.
When I do this:
$sql = 'SELECT * FROM my__table WHERE name=?' ;
$stmt = $dbconn->prepare($sql);
$stmt->bindValue(1, $_POST['name'], PDO::PARAM_STR);
$stmt->execute();
I get an empty result set.
When I do this:
// Returns the row, but interpolates raw $_POST input into the SQL (SQL injection)
$sql = 'SELECT * FROM my__table WHERE name=\''.$_POST['name'].'\'' ;
$stmt = $dbconn->prepare($sql);
$stmt->execute();
I get the row that I need.
The column 'name' is a VARCHAR(32). This bug only happens with strings. When the bound parameter is an sql INTEGER everything works like it is supposed to.
I am using sqlite3, PHP 5.2.6 under Apache on Ubuntu.
Both of these should work:
Without using binding
$sql = "SELECT * FROM my__table WHERE name = ? " ;
$stmt = $dbconn->prepare($sql);
$stmt->execute(array($_POST['name']));
Using a named parameter
$sql = "SELECT * FROM my__table WHERE name = :name " ;
$stmt = $dbconn->prepare($sql);
$stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
$stmt->execute(); // no argument here: passing an array to execute() replaces the bound parameters
What about this?
$sql = "SELECT * FROM my__table WHERE name='?'" ;
$stmt = $dbconn->prepare($sql);
$stmt->bindValue(1, $_POST['name'], PDO::PARAM_STR); // a quoted ? is a string literal, not a placeholder, so there is no parameter 1 to bind
$stmt->execute();
