Jump to content

PHP PDO sql statement


razorsese

Recommended Posts

I'm having a problem whit the pdo - sql statement:

It dosen't return anything

but when i try $sql = " SELECT en FROM word WHERE MATCH (sp) AGAINST (:word IN BOOLEAN MODE ) "; without the pdo it's working perfectly


$sql = " SELECT en FROM word WHERE MATCH (:sp) AGAINST (:word IN BOOLEAN MODE ) ";
	$st = $con->prepare($sql);
	$st->bindValue(":word",$word,PDO::PARAM_STR);

	  $st->bindValue(':sp','sp',PDO::PARAM_STR);


    
	$st->execute();

Link to comment
Share on other sites

You can't bind a column name, only values.  What your running is a statement more like:

SELECT en FROM word WHERE MATCH ('sp') AGAINST ('honey' IN BOOLEAN MODE ) 

 

Your matching the literal string value 'sp' against the word honey.  Just put your column name in directly rather than bindValue a placeholder.

 

$sql='SELECT en FROM word WHERE MATCH (sp) AGAINST (:word IN BOOLEAN MODE ) ';
$st = $con->prepare($sql);
$st->bindValue(":word",$word,PDO::PARAM_STR);
$st->execute();

 

Link to comment
Share on other sites

You don't quote it in the query.

 

$col = 'column';
$query = 'SELECT '.$col.' FROM table';
echo $query;

 

If you want to specify a column name from user-data, you need to have very strict sanitization. Generic escape functions won't work.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.