rossc

New Members
  • Posts

    6
  1. Hi, thanks for the input everyone. I started from scratch and now everything works as expected; below is my working example. I'm still not quite sure what was wrong.

         function readLike($page, $from_record_num, $records_per_page, $searchval){
             // the search term is bound; the LIMIT values are interpolated into the string
             $query = "SELECT id, company_name, company_reg_number, vat_number
                       FROM $this->table_name
                       WHERE company_name LIKE ?
                       ORDER BY company_name ASC
                       LIMIT {$from_record_num}, {$records_per_page}";
             $searchval = "%".$searchval."%";
             $stmt = $this->conn->prepare( $query );
             $stmt->bindParam(1, $searchval, PDO::PARAM_STR);
             $stmt->execute();
             return $stmt;
         }

     I am going to read through your posts to understand more about the debugging process. Out of curiosity, does my code protect against SQL injection? Once again, thanks for all the help.
  2. Many thanks to both of you for your help. I still cannot get this to work; all the other similar methods in this class work fine, but I can't find the problem with this one. What is the best way to check if the parameter is being replaced in the SQL string? Below is my updated code. Thanks, Ross

         function readLike($myvalue){
             //echo $myvalue; //die;
             $myquery = "SELECT id, company_name, company_reg_number, vat_number, website
                         FROM $this->table_name
                         WHERE company_name LIKE ?
                         ORDER BY company_name ASC";
             $myvalue = "%".$myvalue."%";
             $mystmt = $this->conn->prepare( $myquery );
             $mystmt->bindParam(1, $myvalue);
             try{
                 $mystmt->execute();
             }catch(PDOException $exception){
                 echo "error: " . $exception->getMessage();
             }
             //var_dump($mystmt);
             $myresult = $mystmt->fetch(PDO::FETCH_ASSOC);
             return $myresult;
         }
  3. This is my new revised function, but it still doesn't seem to replace the parameter. I know I'm probably missing something really obvious.

         function readLike( $searchval ){
             $myquery = "SELECT id, company_name, company_reg_number, vat_number, website
                         FROM " . $this->table_name . "
                         WHERE company_name LIKE ?
                         ORDER BY company_name ASC";
             $searchval = "'%".$searchval."%'";
             $mystmt = $this->conn->prepare( $myquery );
             $mystmt->bindParam(1, $searchval, PDO::PARAM_STR);
             $mystmt->execute();
             $myresult = $mystmt->fetch(PDO::FETCH_ASSOC);
             return $myresult;
         }
  4. Please could you help me specify the error level? Here is where I declare the database connection:

         $database = new Database();
         $db = $database->getConnection();
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

     I just added the third line. Sorry, I'm new to PHP, and so far the server logs have helped me to find my errors. Being able to show errors for the SQL part will be really helpful. Thanks
  5. Thanks for the quick response. Sorry, yes, I have been going backwards and forwards with the same code; I meant to remove the parameters in the execute method. That makes sense, thank you. I will have another go at it now.
  6. Hi all, this is my first post here. I have a problem with some code I am writing and have been trying to find the problem for a while; any help would be very much appreciated. I have a class for company, and this method is supposed to return an associative array, but as far as I can work out from dumping values etc. I don't think the ? marks are being replaced by the parameters.

         function readLike($page, $from_record_num, $records_per_page, $searchval){
             $query = "SELECT id, company_name, company_reg_number, vat_number, website
                       FROM " . $this->table_name . "
                       WHERE company_name LIKE ?
                       ORDER BY company_name ASC
                       LIMIT ?, ?;";
             $stmt = $this->conn->prepare( $query );
             $stmt->bindParam(1, $searchval, PDO::PARAM_STR);
             $stmt->bindParam(2, $from_record_num, PDO::PARAM_STR);
             $stmt->bindParam(3, $records_per_page, PDO::PARAM_STR);
             $stmt->execute(array($searchval, $from_record_num, $records_per_page));
             $result = $stmt->fetch(PDO::FETCH_ASSOC);
             return $result;
         }

     Thanks, Ross
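The following is an added example, written for this page and not code posted by rossc or any reply in the thread. It addresses the two open questions above: whether the working version in post 1 protects against SQL injection (the LIKE value is bound, but the LIMIT values are still interpolated into the query string), and how to check what PDO actually sends (post 2). It assumes PHP 8, a table named `companies`, a placeholder DSN and credentials, and a page-size cap of 100; none of those come from the thread.

```php
<?php
// Added example, not rossc's code. Binds every user-supplied value, including
// the LIMIT operands, and shows how to inspect the statement PDO sends.
// Table and column names follow the thread; DSN, credentials and the
// page-size cap are assumptions.
declare(strict_types=1);

final class CompanyRepository
{
    // Assumed table name. Identifiers cannot be bound, so never build this from user input.
    private string $table_name = 'companies';

    public function __construct(private PDO $conn) {}

    // Escape the LIKE metacharacters so a user typing "%" or "_" cannot turn a
    // search into a wildcard scan. "!" is declared as the escape character in the query.
    private static function escapeLike(string $value): string
    {
        return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value);
    }

    /** @return array<int, array<string, mixed>> matching rows */
    public function readLike(int $from_record_num, int $records_per_page, string $searchval): array
    {
        $query = "SELECT id, company_name, company_reg_number, vat_number, website
                  FROM {$this->table_name}
                  WHERE company_name LIKE :pattern ESCAPE '!'
                  ORDER BY company_name ASC
                  LIMIT :offset, :count";

        // Wildcards go into the PHP value, quotes never do: a bound value is sent
        // as data, so "'%foo%'" would search for names containing literal quotes.
        $pattern = '%' . self::escapeLike($searchval) . '%';

        $stmt = $this->conn->prepare($query);
        $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
        // LIMIT operands must be integers bound as PARAM_INT. Bound as PARAM_STR under
        // emulated prepares they become LIMIT '0', '10', which MySQL rejects; interpolated
        // into the query string they are an injection point.
        $stmt->bindValue(':offset', max(0, $from_record_num), PDO::PARAM_INT);
        $stmt->bindValue(':count', max(1, min($records_per_page, 100)), PDO::PARAM_INT); // assumed cap
        $stmt->execute();

        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Connection: throw on every error (the setAttribute call from post 4, applied at
// construction) and use native server-side prepares, so SQL text and values travel
// separately and the "?" is never textually replaced on the client.
function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4', // placeholder DSN
        'app_user',                                        // placeholder credentials
        'secret',
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

// Print what PDO holds for a statement: the template plus each bound parameter.
// Under native prepares that is all there is to see; with ATTR_EMULATE_PREPARES
// set to true, PHP 7.2+ also prints a "Sent SQL" line with the substituted text.
function dumpStatement(PDO $conn, string $sql, array $params): void
{
    $stmt = $conn->prepare($sql);
    foreach ($params as $name => [$value, $type]) {
        $stmt->bindValue($name, $value, $type);
    }
    $stmt->execute();
    $stmt->debugDumpParams();
}

try {
    $conn = connect();
    $repo = new CompanyRepository($conn);
    // "50%" matches names containing the literal text 50%, and an input such as
    // "'; DROP TABLE companies; --" is just a string that matches nothing.
    foreach ($repo->readLike(0, 10, '50%') as $row) {
        echo $row['company_name'], PHP_EOL;
    }
    dumpStatement(
        $conn,
        'SELECT id FROM companies WHERE company_name LIKE :p',
        [':p' => ['%acme%', PDO::PARAM_STR]]
    );
} catch (PDOException $e) {
    // With ERRMODE_EXCEPTION every SQL error lands here instead of failing silently.
    error_log('query failed: ' . $e->getMessage());
}
```

Two checks worth keeping in mind when debugging code like the posts above: `var_dump()` on a PDOStatement only ever shows the template, because substitution happens either inside PDO (emulated) or on the server (native), so a visible `?` does not mean the value was not bound; and a LIKE search that returns nothing while the bound value "looks right" is usually the value itself, for example quotes wrapped around the pattern as in post 3, since PDO sends the value as data and adds its own quoting.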