Select returning empty query

Question

I'm trying to select data where by acc_id

What I get in my localhost: []

However, when I set a specific acc_id i get the correct row is there something in my syntax?

<?php

header('Access-Control-Allow-Origin: *');

// Define database connection parameters
$hn      = 'localhost';
$un      = 'root';
$pwd     = '';
$db      = 'ringabell';
$cs      = 'utf8';

// Set up the PDO parameters
$dsn  = "mysql:host=" . $hn . ";port=3306;dbname=" . $db . ";charset=" . $cs;
$opt  = array(
                    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
                    PDO::ATTR_EMULATE_PREPARES   => false,
                   );
// Create a PDO instance (connect to the database)
$pdo  = new PDO($dsn, $un, $pwd, $opt);
$data = array();


// Attempt to query database table and retrieve data
try {   
        $acc_id = $pdo->prepare('SELECT acc_id FROM account_info');
        $stmt = $pdo->prepare('SELECT p_fname, p_lname, p_condition FROM patient_info WHERE acc_id = "$acc_id"');
        $stmt->execute([$acc_id]);
        while($row = $stmt->fetch(PDO::FETCH_ASSOC))
        {
            // Assign each row of data to associative array
            $data[] = $row;
        }

  // Return data as JSON
  echo json_encode($data);
  }
 catch(PDOException $e)
{
  echo $e->getMessage();
}
?>

Answer 1

It seems like you want to use the prepared statement but instead executing your query instantly. If you want to bind the value to your query use something like this:

$acc_id = // get the $acc_id value from somewhere you want
$stmt = $pdo->prepare('SELECT p_fname, p_lname, p_condition FROM patient_info WHERE acc_id = ?');
$stmt->execute([$acc_id]);
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
     // Assign each row of data to associative array
     $data[] = $row;
}

Example with using a placeholder

Instead of executing your statement with the array of params, you could also use the bindValue() or the bindParam() method:

$stmt = $pdo->prepare('SELECT p_fname, p_lname, p_condition FROM patient_info WHERE acc_id = :acc_id');
$stmt->bindValue(':acc_id', $acc_id);
$stmt->execute();
// everything else works as previous

The difference between these two methods is written in docs:

bindValue() :

Binds a value to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement.

bindParam() :

Binds a PHP variable to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement. Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.