
Problem with setting parameters with PDO


Renlok


For my search function I'm trying to build a search array, but this part is giving me loads of problems. I can't get it to work.

foreach ($payment as $key => &$val){
   if (!$pri){
      $ora = "((au.payment LIKE :payment{$val})";
      $asparams[] = array(":payment{$val}", '%' . $system->cleanvars($val) . '%', PDO::PARAM_STR);
   }else{
      $ora .= " OR (au.payment LIKE :payment{$val}) AND ";
      $asparams[] = array(":payment{$val}", '%' . $system->cleanvars($val) . '%', PDO::PARAM_STR);
   }
   $pri = true;
}

The $ora is just added to the SQL later, and the $asparams is the parameter array that is passed into bindParam later.

I'm getting the message

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 2053 ' in /home/**/class_db_handle.php:146 Stack trace: #0 /home/**/class_db_handle.php(146): PDOStatement->fetch(4) #1 /home/**/adsearch.php(233): db_handle->result('total') #2 {main} thrown in /home/ubidzzco/**/class_db_handle.php on line 146

 

Anyone have any ideas?


Assuming $var is user input from the search form, you should not be using it as part of your placeholder names. Use a simple counter if you need to:

$counter=0;
foreach ($payment as $key => &$val){
   $counter++;
   //...
   $ora = "((au.payment LIKE :payment{$counter})";
}
If your cleanVars function is something to escape the value for SQL inclusion then it's unnecessary. Prepared statements with bound parameters do not need the inputs escaped first; in fact, escaping them first may cause problems. The only escaping you may want to do is to escape % and _ for your LIKE expression so they are not treated as wildcards.
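
The advice in the reply above, put together as an added example (not code from either poster): counter-based placeholder names, no pre-escaping of bound values, and only the LIKE wildcards escaped. The helper names `escapeLike` and `buildPaymentFilter`, the `!` escape character, the in-memory SQLite database and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example. Table/column names follow the post; helper names and
// the sample rows are constructed for illustration.

// Escape LIKE wildcards so user text matches literally; '!' is the ESCAPE char.
function escapeLike(string $s): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// Build "(col LIKE :payment1 ESCAPE '!' OR ...)" plus its parameter list.
// Placeholder names come from a counter, never from the submitted values.
function buildPaymentFilter(array $payment): array
{
    $clauses = [];
    $params  = [];
    $counter = 0;
    foreach ($payment as $val) {
        $counter++;
        $name      = ":payment{$counter}";
        $clauses[] = "au.payment LIKE {$name} ESCAPE '!'";
        $params[]  = [$name, '%' . escapeLike((string) $val) . '%', PDO::PARAM_STR];
    }
    return [$clauses ? '(' . implode(' OR ', $clauses) . ')' : '1=1', $params];
}

// Constructed data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE au (id INTEGER PRIMARY KEY, payment TEXT)');
$pdo->exec("INSERT INTO au (payment) VALUES ('paypal'), ('cheque, 50% deposit'), ('bank_transfer'), ('cash')");

// Values as a search form might submit them: wildcard characters and text
// that could never be a valid placeholder name.
$payment = ['50%', 'direct debit (UK)', '_'];

[$where, $params] = buildPaymentFilter($payment);
$stmt = $pdo->prepare("SELECT COUNT(*) AS total FROM au WHERE {$where}");
foreach ($params as [$name, $value, $type]) {
    // bindValue copies the value now; bindParam would bind the loop variable by reference.
    $stmt->bindValue($name, $value, $type);
}
$stmt->execute();
echo $where, PHP_EOL;
echo 'total = ', $stmt->fetch(PDO::FETCH_ASSOC)['total'], PHP_EOL;
```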