StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhy does my query with named parameters return a blank result?
primarykey
Id
12689103
data
AcceptedAnswerId
12693610
AnswerCount
1
ClosedDate
CommentCount
8
CommunityOwnedDate
CreationDate
2012-10-02T11:04:04.273
FavoriteCount
0
LastActivityDate
2012-10-03T17:06:00.553
LastEditDate
2017-05-23T11:56:17.610
LastEditorUserId
-1
OwnerUserId
1289829
ParentId
0
PostTypeId
1
Score
1
ViewCount
142
LastEditorDisplayName
text
Body
I am converting my MySQL code over to PDO to take advantage of prepared statements. I was originally getting a fatal error as described in <a href="https://stackoverflow.com/questions/12663656/why-is-my-prepared-statement-giving-me-a-fatal-error/">this question</a>. I had solved that issue, but it brought up more problems when trying to add parameters. The code I am trying to get working is: <pre><code>include ("foo/bar.php"); try { $DBH = new PDO("mysql:host=$hostname;dbname=$database", $username, $password); } catch(PDOException $e) { echo $e->getMessage(); } $mydate=date("Y-m-d",strtotime("-3 months")); $foo_query=$DBH->prepare("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = :postdate AND postdate > '$mydate' ORDER BY postdate DESC"); $foo_query->execute( array('postdate' => $_REQUEST['postdate']) ); $DBH=null; </code></pre> In English, this is meant to read "take the current date and set it back 3 months calling it $mydate, then select all of those fields (also taking the first 20 words of the body and calling it 'preview_text') from my table where the postdate is equal to the parameter postdate and where postdate is greater than $mydate". I am then displaying the results in the following (note this is now abridged): <pre><code>$foo_query->setFetchMode(PDO::FETCH_ASSOC); while($r=$foo_query->fetch()) { echo $r["id"]; echo $r["title"]; echo date("d-M-Y",strtotime($r["postdate"])); echo nl2br ($r["preview_text"]); } </code></pre> Now, while the SELECT query is written as: <pre><code>("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate > '$mydate' ORDER BY postdate DESC") </code></pre> ...it displays exactly what I need it to, but of course while this is prepared, it contains no parameters so only achieves 50% of the goal. I was under the impression the way of preparing the statement that I outlined initially would be fine as per the tutorials and advice I have already been given. I have tried to print my error and it brings up no error. I manually sent the query as follows and get no returns. Note I have tried the date strings in all manner of permutations: <pre><code>("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = 20121001 AND postdate > 20120701 ORDER BY postdate DESC") </code></pre> EDIT: The above was pointed out as incorrect but I will keep it here for reference as this section is explained in the comments below. EDIT: Manually sending the query now displays correctly when typing: <pre><code>("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = '2012-09-30 08:38:23' ORDER BY postdate DESC") </code></pre> The query does not display at all when typing any of the following: <pre><code>("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = :postdate ORDER BY postdate DESC") ("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = :postdate AND postdate > '$mydate' ORDER BY postdate DESC") ("SELECT id, postdate, title, SUBSTRING_INDEX(body,' ',20) as preview_text, body FROM BarTable WHERE postdate = '2012-09-30 08:38:23' AND postdate > '2012-07-01 00:01' ORDER BY postdate DESC") </code></pre> I am thinking that I should bind the parameter in some way, but the tutorials I've read do not specifically say that I should always bind them - I'm unsure of how to proceed. EDIT : I have looked to bind the statement as follows with no success. The query seemingly ignores the bind so the state of the query acts as all of the above permutations without binding: <pre><code>$foo_query->bindParam ( ":postdate", strtotime ( $_REQUEST['postdate']), PDO::PARAM_INT); $foo_query->execute(); </code></pre> What am I doing wrong, that isn't happening when I don't add parameters? Should I be declaring the :postdate parameter somewhere other than in the SELECT query? For the purposes of preventing SQL injection I would like to use named parameters as well as preparing the statement, but if I can't figure it out then I will just have to not used named parameters.
Tags
<php><pdo><sql-injection>
Title
Why does my query with named parameters return a blank result?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. UStomdot
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWhy does my query with named parameters return a blank result?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.