pdo select error

[ramiwahdan]

Hi,

I have select statement that will take data from form and add it to select statement but i get this error:
 

Fatal error
: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':startdate and DATE(ClockingOutDate) <= :enddate ORDER BY o' at line 16 in C:\xampp\htdocs\AttendanceSystem\login\reportsbydateforall.php:62 Stack trace: #0 C:\xampp\htdocs\AttendanceSystem\login\reportsbydateforall.php(62): PDO->query('SELECT oracleid...') #1 {main} thrown in
C:\xampp\htdocs\AttendanceSystem\login\reportsbydateforall.php
on line
62

this is the code:

<?Php include('session.php');?>

<html>
<head>
<link rel="stylesheet" type="text/css" href="bootstrap.css">
</head>

<body>

	<Center>
	
	<h2>Please enter start date and end date:</h2>
	
	</center>
	<form action="#" method="post">
	
	<center>
	<h5>Start Date:<input type="date" name="sdate" placeholder = "Start Date" required="required"></input>
	End Date:<input type="date" name="edate" placeholder = "End Date" required="required"></input>
	<input type="submit" name="saveit" value="Generate"></input></h5>
	</center>
	
	</form>

	<div class="container">
		<div class="row">
			<div class="col m-auto">
				<div class="card mt-5">
					<table class="table table-bordered">
					
						<tr>

							<input type="button" onClick="window.print()" value="Print The Report"/>
							<td>OracleID</td>
							<td>Name</td>
							<td>Designation</td>
							<td>Clocking In Time</td>
							<td>Clocking Out Time</td>
							<td>Duration</td>
						
						</tr>
						
<?php


	if (isset($_POST['saveit']))
								
	{

		$servername = "localhost";
		$username = "rwahdan";
		$password = "fatima2010";
		
		$sdate1 = $_POST['sdate'];
		$edate1 = $_POST['edate'];

			$conn = new PDO("mysql:host=$servername;dbname=timeclock", $username, $password);
			// set the PDO error mode to exception
			$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

					$res = $conn->query("SELECT oracleid
                         , name 
                         , des 
                         , clockingindate
                         , clockingoutdate  
                         , timediff(clockingoutdate, clockingindate) as duration
                         , total
                    FROM attendance_records
                         JOIN (
                                SELECT oracleid
                                     , sec_to_time(sum(timestampdiff(SECOND, clockingindate, clockingoutdate))) as total
                                FROM attendance_records
								where isdone =-1 
                                GROUP BY oracleid
                              ) tots USING (oracleid)
							  where isdone =-1 and DATE(ClockingOutDate) >= :startdate and DATE(ClockingOutDate) <= :enddate
                    ORDER BY oracleid, clockingindate
                    ");
					
					$prepared=$conn->prepare($res);
					
					// bind parameters with placeholders
						$prepared->bindParam(':startdate',$_POST['sdate']);
						$prepared->bindParam(':enddate',$_POST['edate']);

					// execute the query
						$prepared->execute();
						
					// fetch results
						$results=$prepared->fetchAll();
						
					// this will return an array containing all of the rows in the result set
					// check for errors
						if ($prepared->errorCode()!=0) {
						   die(print_r($prepared->errorInfo()));
						}
					

		?>

problem with where clause conditions but don't know how to deal with this issue.

[requinix]

When you're using prepared statements you pass the query string to prepare(). You don't use query() at all.