Multiple WHERE clause to SQL statement

Question

I tried different approach, but still not working. The code below works, but I need to add another where clause. How to add more WHERE clauses to my SQL query?

public function getuserAcct(){

    $user_id =  $this->param['user_id'];
    $meter =  $this->param['meter'];
    $phone =  $this->param['phone'];

    $stmt=$this->dbConn->prepare("SELECT * FROM Monify Where user_id=".$user_id);
    $stmt->execute();
    $response=$stmt->fetch(PDO::FETCH_ASSOC);
    if($response || $response == 0)
    {
        $this->returnResponse(SUCCESS_RESPONSE,$response);
    }
    else       
    {
        $this->returnResponse(ERROR,$response);
    }
}

Answer 1

You are misusing prepared statements all values should be passed as placeholders and the bound in the execute method. Alternatively bindparam or bindvalue may be used, consult the manual for examples of those usages.

$stmt=$this->dbConn->prepare("SELECT * FROM Monify Where user_id= ?");
$stmt->execute(array($user_id));

To have multiple parts to a WHERE clause you just need to use the OR or AND operators. For example to check for a userid and phone number you could do:

$stmt=$this->dbConn->prepare("SELECT * FROM Monify Where user_id= ? AND phone=?");
$stmt->execute(array($user_id, $phone));

or if either field is optional,

$stmt=$this->dbConn->prepare("SELECT * FROM Monify Where user_id= ? OR phone=?");
$stmt->execute(array($user_id, $phone));

All this data is available in the MYSQL manual .

The WHERE clause, if given, indicates the condition or conditions that rows must satisfy to be selected....In the WHERE expression, you can use any of the functions and operators that MySQL supports, except for aggregate (summary) functions. See Section 9.5, “Expressions” , and Chapter 12, Functions and Operators .