Jump to content

bindParam not working with prepare($sql)


Go to solution Solved by mac_gyver,

Recommended Posts

with php pdo, the bindParam is not working. The query outputs :words and instead of the $words value. How can i get this code working?

$sql = "SELECT count(*) FROM posts WHERE MATCH (comments) AGAINST (':words' IN BOOLEAN MODE)";
$stmt = $db->prepare($sql);
$stmt->bindParam(':words', $words);
$stmt->execute();

which code example is more safe? The code below now has $words instead of :words but is missing bindParam.

$stmt = $db->prepare(SELECT count(*) FROM posts WHERE MATCH (comments) AGAINST ('$words' IN BOOLEAN MODE)");
$stmt->execute();

$words is passed through both php $_get and $_post

Link to comment
https://forums.phpfreaks.com/topic/293609-bindparam-not-working-with-preparesql/
Share on other sites

define 'not working'? what symptom or error are you getting the leads you to believe it doesn't work? 

 

also, there may be a mysql version dependency that will prevent using any bound parameter in this type of comparison in a query statement and it may even be related to using emulated prepares (which is the default, unless you have specifically turned them off.)

PDO::ATTR_EMULATE_PREPARES, i tried 'true'  and still the same error.

SQLSTATE[HY093]: Invalid parameter number

$sql = "SELECT count(*) FROM posts WHERE MATCH (comments) AGAINST (:words IN BOOLEAN MODE)";
$stmt = $db->prepare($sql);
$stmt->bindParam(':words', $words);
$stmt->execute();
Edited by kalster

i tried your query/code on my development system and it doesn't throw that error. are you sure the error isn't coming from some other query? if you are using exceptions and are not echoing the $sql statement and/or the line and file where the exception was thrown at, it could be from a completely different query statement.

 

the error is typically when you have a different number of place-holders in the query than what you have bound.

 

also, there's a slight chance that the actual value in $words could be causing such an error. what value are you testing with in $words?

  • Solution
Also, the full query has more than one :words in it.

 

 

a) you cannot do that. each place-holder can only appear once in a query, with a bind statement for each. you would need to use something like :words1, :words2 but bind the same variable to each.

 

b) when you don't post the actual code/query that is causing a problem, you just waste everyone's time.

that would be why your error handling should tell you everything possible about the error -

 

if you are using exceptions and are not echoing the $sql statement and/or the line and file where the exception was thrown at, it could be from a completely different query statement.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.