I'm losing my mind. This query works fine (finds one matching record) when executed in SQLite Manager (FF plugin):
SELECT * FROM VendorDB WHERE lower(CompanyName) = 'b&b'
But this variablized SELECT statement (which is exactly the same as above when echo'd out) doesn't find anything.
SELECT * FROM VendorDB WHERE lower(CompanyName) = [vendor variable containing 'b&b']
When the string does not contain an '&' both queries work the same. I've googled all over and not been able to find anything about why the query shouldn't work consistently.
BTW, I'm using PHP:PDO to execute the query.
EDIT_1: Here's how the query is being handled (after implementing the suggestions from @Phil), where $dbh is the database connection:
$qry = "SELECT * FROM VendorDB WHERE lower(CompanyName) = ?";
//[$vendor is the variable containing 'b&b']
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$go_fetch = $dbh->prepare($qry);
$go_fetch->bindParam(1,$vendor);
$go_fetch->execute();
and the results are retrieved as:
$go_fetch->setFetchMode(PDO::FETCH_ASSOC);
$data = $go_fetch->fetchAll();
All of which yields an empty array, but should yield one and only one record.
Also note that I've echo'd the value of the variable $vendor prior to being inserted into the query and it is the correct value (i.e. 'b&b' not 'b&amp;b').
As mentioned in my comment above, use a proper parameterised statement. For example...
$qry = "SELECT * FROM VendorDB WHERE lower(CompanyName) = ?";
$go_fetch = $dbh->prepare($qry);
Then, either pass the parameter in to the execute method
$go_fetch->execute([$vendor]);
or bind it first, then execute
$go_fetch->bindParam(1, $vendor);
$go_fetch->execute();
I doubt very much that the ampersand is causing any issues. I can't find any reference to it as an SQLite special character.
I'd say the issue is either that the value in fact contains b&amp;b or that it contains other problem characters like '. The former indicates a problem with where and how the $vendor variable is set. The latter is solved by my answer above.
I've resolved the issue. It was a stupid error on my part, but memorializing the answer here in case it's useful to someone else.
The problem was indeed that the '&' sign was being converted into '&amp;'. (Thanks @CBroe for the clue!) It was hard to detect because it wasn't showing up in any of the browser output I was looking at (including viewing the page source).
Long ago and far away I had forgotten that I had set up a standard form-handling function to "cleanse" all POST data. One line in that function took each posted value and applied the htmlspecialchars() function to it. This converted the 'b&b' into 'b&amp;b'. Great for the HTML echo'd output, not so good for database comparison strings.
For this particular application, if I do not apply the htmlspecialchars() everything works as expected, regardless of the way that PDO is implemented.
Lesson re-learned... never forget the "defaults" you establish!
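The failure described in this thread, reproduced as an added example that is not part of the original posts: HTML-encoding input before it reaches a bound parameter breaks the comparison, while encoding only at output keeps both the query and the page correct. `findVendor` and `cleansePost` are hypothetical names, and the in-memory table and form value are constructed sample data.

```php
<?php
// Constructed sample data: an in-memory SQLite table mirroring the page's VendorDB.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE VendorDB (CompanyName TEXT)');
$dbh->exec("INSERT INTO VendorDB (CompanyName) VALUES ('B&B'), ('Acme')");

// Hypothetical helper: the parameterised lookup from the answer above.
function findVendor(PDO $dbh, string $vendor): array
{
    $stmt = $dbh->prepare('SELECT * FROM VendorDB WHERE lower(CompanyName) = ?');
    $stmt->execute([$vendor]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical stand-in for the blanket POST "cleansing" function described above.
function cleansePost(array $post): array
{
    return array_map('htmlspecialchars', $post);
}

$post = ['vendor' => 'b&b'];   // constructed form submission
$cleansed = cleansePost($post);

// A browser renders the entity back to '&', so inspect the raw string
// (length and bytes) instead of echoing it into HTML.
var_dump($cleansed['vendor']);

// Encoded at input: the bound value is the entity-encoded string,
// which matches no row even though the statement itself is correct.
var_dump(count(findVendor($dbh, $cleansed['vendor'])));

// Raw value bound to the statement: the placeholder handles SQL safety,
// and the comparison sees the same bytes that are stored.
$rows = findVendor($dbh, $post['vendor']);
var_dump(count($rows));

// HTML-encode only at the point of output, where the HTML context applies.
foreach ($rows as $row) {
    echo htmlspecialchars($row['CompanyName'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```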