PDO showing error - php

I have a query below which I did with mysql_query before and it executed properly. But using PDO it's showing some error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1'
This is my code with mysql_query :
$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
$sql1 .= $id.',';
}
$sql1 = substr($sql1, 0, -1) .")";
$query = mysql_query($sql1);
Using PDO without a prepared statement:
$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
$sql1 .= $id.',';
}
$sql1 = substr($sql1, 0, -1) .")";
$query = $db->query($sql1);

You forgot to "add" the string here:
$sql1 = substr($sql1, 0, -1);
$sql1 .= ")";

In the PDO tag (info) you will find the correct procedure for PDO Prepared statements and IN.
The following code uses this method to add unnamed placeholders from your SESSION array:
// One "?" placeholder per cart entry
$in = str_repeat('?,', count($_SESSION['cart']) - 1) . '?';
$sql1 = "SELECT * FROM product WHERE id IN ($in)";
// The cart is keyed by product id (see the foreach in the question), so bind the keys
$params = array_keys($_SESSION['cart']);
$stmt = $dbh->prepare($sql1);
$stmt->execute($params);
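Added example, not part of the original question or answers: the placeholder approach with two extra checks. An empty cart makes the question's string building end in `IN )`, which gives a 1064 error near ')', and the cart keys come from session data, so they are validated as integers before use. The helper name `fetchCartProducts`, the `name` column and the in-memory SQLite database (standing in for MySQL) are assumptions for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original answers.
// Assumes the cart is keyed by product id, as in the question's foreach loop.
function fetchCartProducts(PDO $db, array $cart): array
{
    // Keep only keys that are positive integers; session data is not trusted input.
    $ids = [];
    foreach (array_keys($cart) as $key) {
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    // An empty list would give "IN ()", which MySQL rejects as a syntax error.
    if ($ids === []) {
        return [];
    }
    // One "?" per validated id; the values themselves never enter the SQL text.
    $in   = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, name FROM product WHERE id IN ($in) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO product VALUES (1, 'pen'), (2, 'ink'), (3, 'pad')");

// Normal cart: product id => quantity.
print_r(fetchCartProducts($db, [1 => 2, 3 => 1]));
// Empty cart: the helper returns early and sends no query.
var_dump(fetchCartProducts($db, []));
// Constructed tampered key: dropped by validation, only id 2 is queried.
print_r(fetchCartProducts($db, ['1 OR 1=1' => 1, 2 => 1]));
```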

Related

how to insert and update using PDO prepared method [duplicate]

I'm trying to update my database with the following query:
$sth = "UPDATE rpacks SET rpacks_location VALUES (:location) WHERE rpacks_id = (:id)";
$q = $conn->prepare($sth);
$q->execute(array(':location'=>$location, ':id'=>$id));
But I'm getting this error
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('test') WHERE rpacks_id = ('2')' at line 1' in
There is a mistake in your update query because you used insert query syntax.
Here is the correct query:
$sql = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";
$stmt = $conn->prepare($sql);
$stmt->execute([':location'=>$location, ':id'=>$id]);
Reference:
http://dev.mysql.com/doc/refman/5.0/en/update.html
Change to:
$sth = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";

Syntax error when using TRIM() in PDO MySQL SELECT

I tried to use TRIM() in a PDO SELECT query and got a syntax error message as "Syntax error or access violation: 1064 You have an error in your SQL syntax;". What should I do to correct this error?
DB:
tblrecord (firstname, lastname, score)
PHP:
$firstname = trim('Mary');
$lastname = trim('Lamb');
$sql = "SELECT * FROM tblrecord WHERE TRIM(firstname) AS firstname = ? AND TRIM(lastname) AS lastname = ?";
$stmt = $connection->prepare($sql);
$stmt->execute( array($firstname, $lastname) );
Don't use an alias in the WHERE clause:
$sql = "SELECT * FROM tblrecord WHERE TRIM(firstname) = ? AND TRIM(lastname) = ?";

php pdo sql query Error : 1064 with LIKE

My PDO query is throwing an error
42000 1064 You have an error in your SQL syntax
$sql = "SELECT * FROM {$this->config->__get('table_medicine')} WHERE patient_id = ? AND medicine LIKE %?%";
$query = $this->dbh->prepare($sql);
$data = array($patient_id, $medicine);
$response = $query->execute($data) or die(implode(" ", $query->errorInfo()));
Can someone see what I am doing wrong?
The % need to be inside the string argument to LIKE. Either use CONCAT() in the SQL:
$sql = "SELECT * FROM {$this->config->__get('table_medicine')}
WHERE patient_id = ? AND medicine LIKE CONCAT('%', ?, '%')";
or do the concatenation in PHP:
$data = array($patient_id, '%'.$medicine.'%');
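Added example, not part of the original answers: it goes one step beyond the PHP-side concatenation above. When the search term is user input, any `%` or `_` inside it still acts as a wildcard after binding, so this sketch escapes them and declares the escape character with `ESCAPE`. The helper names, the `medicine` table name, the `!` escape character and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the original answers.
// Builds a "contains" pattern in which the user's own % and _ match literally.
function likeContains(string $term, string $escape = '!'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    $escaped = str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
    return '%' . $escaped . '%';
}

function findMedicine(PDO $db, int $patientId, string $term): array
{
    // "!" is declared as the escape character so the same SQL text is valid
    // on MySQL and on the SQLite database used for this demo.
    $sql = "SELECT medicine FROM medicine
            WHERE patient_id = ? AND medicine LIKE ? ESCAPE '!'
            ORDER BY medicine";
    $stmt = $db->prepare($sql);
    $stmt->execute([$patientId, likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE medicine (patient_id INTEGER, medicine TEXT)');
$db->exec("INSERT INTO medicine VALUES
    (7, 'Vitamin B_12'), (7, 'Vitamin B612'), (7, 'Zinc 100%')");

// The underscore is matched literally instead of as "any single character".
print_r(findMedicine($db, 7, 'B_12'));
// A lone percent sign is matched literally instead of as "any string".
print_r(findMedicine($db, 7, '%'));
```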

Insert a PHP variable in a MySql SQL Statement

I'm trying to do something like this using PHP and MySQL PDO:
//PHP Variables
$msg_a = 'Too Little';
$msg_b = 'Score OK';
$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b) from scores;"
$results = $conn->prepare($Sql);
$results->execute();
AFAIK this should have worked. But I keep getting the following error message:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
How can something like this be done?
$results = $conn->prepare($Sql);
---------------------------------------------^ (capital S)
it should be with a lowercase s
$results = $conn->prepare($sql);
because you have:
$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b)
from scores";(//semicolon after double quotes)
---^
with a lowercase s ($sql)
Can you try this,
$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b) from scores";
$results = $conn->prepare($sql);
Have you tried it this way?
$sql = "select if(stdScore >= stdRequired, '".$msg_a."', '".$msg_b."') from scores";
Since you're already using PDO, don't do query string interpolation, which leaves your code vulnerable to SQL injection and value escaping problems. Instead, use prepared statements properly.
Your code could've looked something like:
$msg_a = 'Too Little';
$msg_b = 'Score OK';
// use placeholders in a query string
$sql = "SELECT IF(stdScore >= stdRequired, :msg_a, :msg_b) msg FROM scores";
// prepare the statement
$query = $conn->prepare($sql);
// bind parameters and execute the query
$query->execute(array(':msg_a' => $msg_a, ':msg_b' => $msg_b));
// fetch the resultset
$rows = $query->fetchAll(PDO::FETCH_ASSOC);
