Renlok
Posted March 29, 2014

For my search function I'm trying to build a search array, but this part is giving me loads of problems. I can't get it to work:

    foreach ($payment as $key => &$val) {
        if (!$pri) {
            $ora = "((au.payment LIKE :payment{$val})";
            $asparams[] = array(":payment{$val}", '%' . $system->cleanvars($val) . '%', PDO::PARAM_STR);
        } else {
            $ora .= " OR (au.payment LIKE :payment{$val}) AND ";
            $asparams[] = array(":payment{$val}", '%' . $system->cleanvars($val) . '%', PDO::PARAM_STR);
        }
        $pri = true;
    }

The $ora is just added to the SQL later and the $asparams is the parameter array that is passed into bindParam later.

I'm getting the message:

    Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 2053 ' in /home/**/class_db_handle.php:146
    Stack trace:
    #0 /home/**/class_db_handle.php(146): PDOStatement->fetch(4)
    #1 /home/**/adsearch.php(233): db_handle->result('total')
    #2 {main}
      thrown in /home/ubidzzco/**/class_db_handle.php on line 146

Anyone have any ideas?

kicken
Posted March 29, 2014

Assuming $var is user input from the search form, you should not be using it as part of your placeholder names. Use a simple counter if you need to:

    $counter = 0;
    foreach ($payment as $key => &$val) {
        $counter++;
        //...
        $ora = "((au.payment LIKE :payment{$counter})";
    }

If your cleanVars function is something to escape the value for SQL inclusion then it's unnecessary. Prepared statements with bound parameters do not need the inputs escaped first, in fact escaping them first may cause problems. The only escaping you may want to do is to escape % and _ for your like expression so they are not treated as wildcards.
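
The advice in the answer above, put together as an added example that is not code from the thread: counter-based placeholder names, bound values with no pre-escaping, and only the LIKE wildcards escaped. The `auctions` table and its rows, the helper names `escapeLike` and `buildPaymentFilter`, the in-memory SQLite database and the `!` escape character are assumptions made so the script runs on its own.

```php
<?php
// Added example. Column name au.payment follows the post; the table,
// sample rows and helper names are constructed for illustration.

// Escape LIKE metacharacters so user input is matched literally.
function escapeLike(string $s, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $s);
}

// Returns [sql fragment, [placeholder => value]]. Placeholder names come
// from a counter, so nothing from the request ends up in the SQL text.
function buildPaymentFilter(array $payment): array
{
    $clauses = [];
    $params = [];
    $counter = 0;
    foreach ($payment as $val) {
        $counter++;
        $name = ":payment{$counter}";
        $clauses[] = "au.payment LIKE {$name} ESCAPE '!'";
        $params[$name] = '%' . escapeLike((string) $val) . '%';
    }
    if (!$clauses) {
        return ['1=1', []]; // no payment filter selected
    }
    return ['(' . implode(' OR ', $clauses) . ')', $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE auctions (id INTEGER PRIMARY KEY, payment TEXT)");
$db->exec("INSERT INTO auctions (payment) VALUES
    ('paypal, cheque'), ('wire transfer'), ('100% cash'), ('cash_on_delivery')");

// Constructed input: the first value contains a space and so could never
// be a placeholder name; the second is a bare LIKE wildcard.
$payment = ['wire transfer', '%'];
[$ora, $asparams] = buildPaymentFilter($payment);

$stmt = $db->prepare("SELECT COUNT(*) AS total FROM auctions au WHERE {$ora}");
foreach ($asparams as $name => $value) {
    // bindValue copies the value now; bindParam binds the variable by reference.
    $stmt->bindValue($name, $value, PDO::PARAM_STR);
}
$stmt->execute();
echo $ora, "\n";
echo 'total = ', $stmt->fetch(PDO::FETCH_ASSOC)['total'], "\n";
```

With the escaping in place, the `%` input matches only the row that contains a literal percent sign instead of every row.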