EDIT: You're using mysqli not PDO, my fault. Unfortunately mysqli doesn't support named parameters.

In your original example, you're treating `$conn2->prepare` like it's a property, but it's a function.

Try this:

```php
// Presumably by this point you have a $sql and a $where that you're appending to.
if (isset($_POST['plant_name']) && $_POST['plant_name']) {
    // Parenthesise the OR so it doesn't swallow the preceding AND conditions.
    $where .= " AND (common_name LIKE ? OR latin_name LIKE ?)";
}

$stmt = $conn2->prepare($sql . $where);

if (isset($_POST['plant_name']) && $_POST['plant_name']) {
    // mysqli binds every placeholder in a single bind_param() call, one type
    // character per placeholder, and the values must be variables because
    // they are passed by reference.
    $common = strtolower($_POST['plant_name']);
    $latin  = strtolower($_POST['plant_name']) . "%";
    $stmt->bind_param('ss', $common, $latin);
}

$stmt->execute();
```

---

Here's the PDO way (I think it's a lot cleaner, but it's probably not worth changing from mysqli to PDO at this point for you):

```php
// Note: using the same named placeholder twice (:plant_name) only works with
// MySQL when PDO::ATTR_EMULATE_PREPARES is enabled; with native prepares each
// occurrence needs its own name.
$statement = $conn2->prepare(
    "UPDATE tablename
        SET field1 = :value1, field2 = :value2
      WHERE common_name LIKE :plant_name OR latin_name LIKE :plant_name"
);
$statement->bindValue('value1', $_POST['field1']);
$statement->bindValue('value2', $_POST['field2']);
$statement->bindValue('plant_name', strtolower($_POST['plant_name']));
$statement->execute();
```

Note a few things about this:

1. I switched you from using `?` (numerically indexed placeholders) to `:name` (name-based placeholders). Since you're using the same value for searching both fields, this gets you a very small performance gain, and makes the SQL a lot more readable.
2. You don't want to put quote marks around the bound parameter. One of the advantages of bound parameters is that they don't need to be quote-escaped. The SQL is sent on a separate channel from the parameter values. So there's no chance of SQL injection. The database notices the bound parameter and reads the right value all on its own by looking it up in the bound parameters data.
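The following is an added, self-contained example and not code from the answer above. It shows the same parameterised LIKE search with PDO, but against an in-memory SQLite database so it runs without a MySQL server; the `plants` table, its rows, and the helper names `escapeLike` and `findPlants` are all constructed here for illustration. Beyond the answer's point, it also demonstrates one caveat a practitioner should know: bound parameters stop SQL injection, but they do not stop a user from supplying `%` or `_` wildcards that widen a LIKE search, so those are escaped separately.

```php
<?php
// Added example (not the answer's own code): parameterised LIKE search
// with PDO on an in-memory SQLite database.

// Escape LIKE wildcards so "%" and "_" in user input match literally.
// "!" is used as the escape character and is declared via ESCAPE below.
function escapeLike(string $value, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Prefix search over common_name and latin_name. Two distinct placeholders
// are used on purpose: MySQL with native prepares (ATTR_EMULATE_PREPARES =
// false) rejects a named placeholder that appears more than once.
function findPlants(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT id, common_name, latin_name FROM plants
          WHERE LOWER(common_name) LIKE :common ESCAPE '!'
             OR LOWER(latin_name)  LIKE :latin  ESCAPE '!'"
    );
    $pattern = escapeLike(strtolower($term)) . '%';
    $stmt->bindValue(':common', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':latin', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE plants (id INTEGER PRIMARY KEY, common_name TEXT, latin_name TEXT)');
$insert = $db->prepare('INSERT INTO plants (common_name, latin_name) VALUES (?, ?)');
foreach ([
    ['Oak', 'Quercus robur'],
    ['Oak-leaved hydrangea', 'Hydrangea quercifolia'],
    ['Rose', 'Rosa canina'],
    ['100% Rose', 'Rosa (constructed row)'],
] as $row) {
    $insert->execute($row);
}

// 1. Normal prefix search: returns both Oak rows.
print_r(findPlants($db, 'oak'));

// 2. A quote and comment sequence in the input is just characters inside the
//    bound value, never part of the SQL text, so it simply matches nothing.
print_r(findPlants($db, "' OR 1=1 --"));

// 3. Wildcard handling: without escapeLike(), "100%" would become the pattern
//    "100%%" and match every row; escaped, it matches only "100% Rose".
print_r(findPlants($db, '100%'));
```

Run it with `php example.php`. The mysqli equivalent differs only in the binding step (`bind_param('ss', $common, $latin)` with two variables, as in the corrected snippet above); the wildcard escaping and the separation of SQL text from parameter values apply the same way.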