We Keep Coding

PHP PDO Prepared Statement parameter causing error

I'm having an issue with a prepared statement with a parameter, please see below.
I apologise in advance if this turns out to be some dumb mistake.
The error:
Failed to run query (Project List) - SQLSTATE[42000]: Syntax error or access violation: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0,8'' at line 1
The code:
$limit = ($pagenum - 1) * $page_rows . "," . $page_rows;
print_r($limit); // Prints 0,8 as expected
$query = "SELECT * FROM projects INNER JOIN users ON projects.companyid = users.companyid ORDER BY projects.projectid DESC LIMIT :limit";
$query_params = array (
':limit' => $limit
);
try {
$stmt = $db->prepare($query);
$stmt->execute($query_params);
}
catch (PDOException $ex) {
die("Failed to run query (Project List)" . " - " . $ex->getMessage());
}
What I've tried so far:
Added the SQL Limit as part of the $limit string
Renamed the limit parameter/variables just in case (reserved keyword etc)
Tested the SQL query manually in SQLyog with the LIMIT 0,8 - works fine
Tested the prepared statement by directly passing the limit variable - works fine
Read all similar questions suggested, no similar issues found at least within my level of understanding.

Your $limit parameter is being escaped as one parameter, where it should be escaped as two. Your sql will currently look something like "limit '0, 8';" where it should look like "limit 0, 8";
To solve this, you should split your limit parameter into two. Edit the end of your SQL to look like:
LIMIT :offset, :limit
And your parameter list to look like:
$query_params = array (
':offset' => ($pagenum - 1) * $page_rows,
':limit' => $page_rows
);
As Mr Smith mentioned, you'll also have to add the line:
$db->setAttribute( PDO::ATTR_EMULATE_PREPARES, false );
To ensure the limit parameters are correctly handled as integers rather than strings.

MySQL,PHP: ORDER BY shoots an error.

Whenever I try to use ORDER BY I'm getting an error saying that it's something bad with syntax
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY id' at line 1
For me, the syntax looks perfectly good, everything works as long as I don't use ORDER BY id. This is how it works:
$sql = "SELECT * FROM lessons $limit";
This is how I want it to work:
$sql = "SELECT * FROM lessons $limit ORDER BY id";
I have also tried this, but with no luck:
$sql = "SELECT * FROM lessons $limit ORDER BY id DESC";

ORDER BY needs to go before LIMIT.
Try:
$sql = "SELECT * FROM lessons ORDER BY id $limit";

Uncaught exception 'PDOException' with message SQLSTATE[42000]: Syntax error or access violation: 1064 [duplicate]

This question already has answers here:
How to apply bindValue method in LIMIT clause?
(11 answers)
Closed 2 years ago.
That is my query:
public function getAllServices($start, $limit)
{
$services = array();
$q = $this->init()->prepare('SELECT id, service_title, time_add FROM services ORDER BY id DESC LIMIT :start, :limit');
$q->execute(array(":start" => $start, ":limit" => $limit));
while ($values = $q->fetchAll(PDO::FETCH_ASSOC))
$services[] = $values;
return $services;
}
Error message:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '10''

Just to add some additional information to this - I'd had a similar problem and had been searching Google for a fix for a while. What I've discovered is that PDO parameterisation has a problem with repeated parameters:
$q = $this->init()->prepare("
(SELECT * FROM my_table WHERE date > :date LIMIT :limit)
UNION
(SELECT * FROM their_table WHERE date > :date LIMIT :limit)
");
$q->bindValue(':date', $somedate, PDO::PARAM_STR);
$q->bindValue(':limit', $limit, PDO::PARAM_INT);
$q->execute();
The resulting query from this code will NOT escape the first :limit but WILL incorrectly escape the second :limit, eg:
(SELECT * FROM my_table WHERE date > '2014-04-14' LIMIT 20)
UNION
(SELECT * FROM their_table WHERE date > '2014-04-14' LIMIT '20')
The reason why you see LIMIT being mentioned in a lot of these similar issues is that providing an escaped integer for field comparisons isn't going to break anything in MySQL, but doing the same thing for LIMIT does.
So while this doesn't specifically answer the OP's issue I imagine many people like myself will end up at this post with the same problem I had.
I don't currently have a tidy solution for this, so I've taken to using unique parameters such as :limit1 and :limit2. Perhaps someone can suggest a better solution?

Solution by OP.
That fixed the problem:
$q = $this->init()->prepare("SELECT id, service_title, time_add FROM services ORDER BY id DESC LIMIT :start, :limit");
$q->bindParam(':start', $start, PDO::PARAM_INT);
$q->bindParam(':limit', $limit, PDO::PARAM_INT);
$q->execute();

Based on the syntax error message, I would say that it's quoting the integers passed to LIMIT, which is not allowed.

DELETE statement with LIMIT and ORDER BY works in PhpMyAdmin, but not with PDO

I've to tried figure this out for half a day...
I have a script that calculates against the DB to see, if any rows should be deleted.
$number = count($INSERT)-count($INDB);
The $number variable will either be
$number = 0, which means that no rows should be deleted or inserted
$number > 0, which means that we need to insert rows
$nubmer < 0, which means that we need to delete some rows
The 1. and 2. works - but the 3. is giving me an error.
if($number < 0){
$limit = abs($number);
echo "DELETE FROM pversions
WHERE fk_p_id = $pid
ORDER BY pversion_id DESC
LIMIT $limit";
$remVersions = $pdo->prepare("
DELETE FROM pversions
WHERE fk_p_id = :pid
ORDER BY pversion_id DESC
LIMIT :lmt");
$remVersions->execute(array(":pid" => $pid, ":lmt" => $limit));
$left = count($versions)-$limit;
}
The echo could be returning this:
DELETE FROM pversions WHERE fk_p_id = 1 ORDER BY pversion_id DESC LIMIT 1
But this is giving me this PDO Exception:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MariaDB server version for the right syntax
to use near ''1'' at line 4'
If i take the exact output of the echo from above and enter it in PhpMyAdmin, there is no problem at all. It perform the task exactly like i want it.
If I delete the LIMIT :lmt the error is not showing, and it deletes all the rows.
So I'm pretty sure the error is in the "LIMIT".
Hope someone can tell me what I'm doing wrong here.

Limit sql result on dbal

Im using dbal on Symfony2 to retrieve some info from my table:
$social = $conn->fetchAll('SELECT * FROM page WHERE brand_id = :brand LIMIT :start,:limit', array('brand'=>$brand, 'start'=>(int) $start, 'limit'=>(int) $limit));
Im getting an error only when I add the last part (LIMIT ....), this make me think that i cant limit the result inside the sql query but outside using some kind of command. How can i solve this?
Error:
An exception occurred while executing 'SELECT * FROM page WHERE brand_id = :brand LIMIT :start,:limit' with params {"brand":1,"start":0,"limit":4}:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0','4'' at line 1

$statement = $connection->prepare(
'SELECT ... LIMIT :limit'
);
$statement->bindValue('limit', $limit, \PDO::PARAM_INT);
$statement->execute();
$result = $statement->fetchAll();

Or you can simply use 3rd argument in the fetchAll($sql, array $params = array(), $types = array()) like that:
$social = $conn->fetchAll('SELECT * FROM page WHERE brand_id = :brand LIMIT :start,:limit', array('brand'=>$brand, 'start'=>(int) $start, 'limit'=>(int) $limit), array(\PDO::PARAM_STR, \PDO::PARAM_INT, \PDO::PARAM_INT));