
PDO query not displaying results?

Okay, so I am new to PDO statements, so I am unsure if I have made a syntax error or whatnot. The PHP file does not show any errors:

<?php
    include('db_config.php');
    $itemName = 'Item1';

    $sql = "SELECT * FROM order WHERE itemName = $itemName;"; 
    $stmt = $conn->prepare($sql);
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC))
    {        
        echo $row['itemName'];
    }
?>

My objective is to pull an item using Bootstrap's datepicker, but for the purpose of this testing I am using the itemName. The PHP file comes up blank?

I have checked the field names, db_config, and am unsure where the issue is coming from.

Please let me know if I have made an error in my statement or anything that seems wrong.

Firstly, you're using a MySQL reserved word, that being order, and it requires special attention, mainly using ticks around it.

Then since we're dealing with a string, $itemName needs to be wrapped in quotes.

<?php
    include('db_config.php');
    $itemName = 'Item1';

    $sql = "SELECT * FROM `order` WHERE itemName = '$itemName';"; 
    $stmt = $conn->prepare($sql);
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC))
    {        
        echo $row['itemName'];
    }
?>
  • Either use ticks around your table name, or rename it to "orders", which is not a reserved keyword.

"The php file does not show any errors:"

That's because you're not checking for them.

Add $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); right after the connection is opened.



As per a comment you left under your question containing the MySQL error:

1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order

  • Read it: near 'order. It starts at "order".

Now, if your query should ever contain any character that MySQL will complain about, such as a quote, etc., then you will need to escape your query and use prepared statements.

For example, if using:

$itemName = "Timmy's Sour Dough";

would translate to

WHERE itemName = 'Timmy's Sour Dough' 

in turn throwing a syntax error.

So, it's best to immediately escape any data right away.

Edit

Your use of prepare and being new to PDO collectively suggest that you are already trying to use prepared statements, just not the right way. You're just a little off from a well-prepared statement. One correct way in your code would be

  $sql = "SELECT * FROM `order` WHERE itemName = ? "; 
  $stmt = $conn->prepare($sql);
  $stmt->execute(array($itemName));

Notice how we have a ? in your query, then we are sending a value for it in your execute call. There you go :)

You're completely ignoring the main reason people use PDO. Prepared statements are what you should be using, which would make your query look like this:

$itemName = 'Item1';

$sql = "SELECT * FROM `order` WHERE itemName = ?"; 
$stmt = $conn->prepare($sql);
$stmt->bindParam(1, $itemName, PDO::PARAM_STR);
$stmt->execute();

Read up on bindParam().


In future, turn on your error reporting at the beginning of the script with this:

ini_set('display_errors', 1);
error_reporting(E_ALL);

That will save you a lot of time.

Looks like there is an error in your SQL statement. Since itemName is either a varchar or text in your database, you need to put it in single quotes in the query:

$sql = "SELECT * FROM `order` WHERE itemName = '$itemName';"; 
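
The points raised in the answers above, combined into one runnable script as an added example (not code from the original posts): backticks around the reserved word, exception error mode, and the "Timmy's Sour Dough" value run through an interpolated query and through a bound placeholder. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for the MySQL connection from db_config.php; the function names findInterpolated and findPrepared are hypothetical.

```php
<?php
// Assumption: in-memory SQLite replaces the MySQL connection from db_config.php.
$conn = new PDO('sqlite::memory:');

// Make every failed statement throw. PHP 8.0+ does this by default;
// older versions stay silent, which is why the page came up blank.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `order` is a reserved word, so the identifier is quoted with backticks.
$conn->exec('CREATE TABLE `order` (itemName TEXT)');
$insert = $conn->prepare('INSERT INTO `order` (itemName) VALUES (?)');
foreach (['Item1', "Timmy's Sour Dough"] as $name) { // constructed sample rows
    $insert->execute([$name]);
}

// The value is pasted into the SQL text, so an apostrophe inside it
// ends the string literal early and the statement no longer parses.
function findInterpolated(PDO $conn, string $itemName): array
{
    $sql = "SELECT itemName FROM `order` WHERE itemName = '$itemName'";
    return $conn->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The SQL text is fixed; the value travels separately as a bound
// parameter and is never parsed as SQL.
function findPrepared(PDO $conn, string $itemName): array
{
    $stmt = $conn->prepare('SELECT itemName FROM `order` WHERE itemName = ?');
    $stmt->execute([$itemName]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['Item1', "Timmy's Sour Dough"] as $name) {
    try {
        $rows = findInterpolated($conn, $name);
        echo "interpolated [$name]: ", implode(', ', $rows), PHP_EOL;
    } catch (PDOException $e) {
        // With ERRMODE_EXCEPTION the syntax error is reported, not swallowed.
        echo "interpolated [$name]: ", $e->getMessage(), PHP_EOL;
    }
    echo "prepared     [$name]: ", implode(', ', findPrepared($conn, $name)), PHP_EOL;
}
```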
