Jump to content

prepared query join problems.

Love2c0de

By Love2c0de
in PHP Coding Help

 Share

Recommended Posts

Love2c0de Regular Member

Love2c0de

Posted
Posted (edited)

Good evening,

 

I am trying to create a user profile system on my website. I have the ability to register and login fine. I've hard coded a dummy profile into the profiles table.

 

The way in which I am going to retrieve the profile data is by matching the users username in both tables.

 

At the moment my query is returning all of the members in the user table and all of the profile information in the other table - profiles.

 

This is my query:

 
$stmt = $conn->prepare("SELECT * FROM users LEFT JOIN profiles ON users.? = profiles.username") or die("Error: ".mysqli_error($conn));
 

Not sure if the way I am going about it is the correct way either so any advice and guidance is greatly received.

 

Kind regards,

 

L2c.

Edited by Love2c0de
Link to comment
Share on other sites
Love2c0de Regular Member

Love2c0de

Posted
  • Author
Posted

Oh, this seems to have fixed it:

 

 
$stmt = $conn->prepare("SELECT * FROM users,profiles WHERE users.username AND profiles.username = ?") or die("Error: ".mysqli_error($conn));
 

 

Regards,

 

L2c.

Link to comment
Share on other sites
jcbones Newbie

jcbones

Posted
Posted

I know it is fixed, but just would like to note that you cannot bind parameters to column names nor table names in prepared statements.

 


 

Note:

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.

However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign. The latter restriction is necessary because it would be impossible to determine the parameter type. It's not allowed to compare marker with NULL by ? IS NULL too. In general, parameters are legal only in Data Manipulation Language (DML) statements, and not in Data Definition Language (DDL) statements.

Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted

This is my query:

 
$stmt = $conn->prepare("SELECT * FROM users LEFT JOIN profiles ON users.? = profiles.username") or die("Error: ".mysqli_error($conn));
 

 

The proper way to code that query would be this:

SELECT * FROM users LEFT JOIN profiles ON users.username=profiles.username WHERE users.username=?
Then you bind the username you want to search for as the value for the ? parameter.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.