1

Currently I'm trying to query a COUNT(*) using user input, so I want to prepare it, but when I do, there is no response. I also used "Row count with PDO" as an example (prepare and query), but neither of them seems to work. Why? There's no reason...

$count = $con->query("SELECT COUNT(*) FROM $table WHERE senha='$senha' AND var='{$ar[$i]}'")->fetchColumn();
    if($count!=0){
        $q = $con->prepare("UPDATE $table SET value=':value' WHERE senha=':senha' AND var=':var'");
        $q->execute(array(':senha' => $senha, ':value' => $ar[$i+1], ':var' => $ar[$i]));
    }else{
        $q = $con->prepare("INSERT INTO $table (id,senha,var,value) VALUES (NULL, ':senha', ':var', ':value')");
        $q->execute(array(':senha' => $senha, ':var' => $ar[$i], ':value' => $ar[$i+1]));
    }

When I was using his first example (using prepare, not query, and passing values using an array), it didn't work at all. The query one returns a number, but the if (update or insert) part does not work. I've tried a bunch of things and outputs, nothing worked...

0

1 Answer

3

You should not include single quotes when you bind parameters with PDO, so correct your UPDATE and INSERT queries to the following:

$q = $con->prepare("UPDATE $table SET value=:value WHERE senha=:senha AND var=:var");

and

$q = $con->prepare("INSERT INTO $table (id,senha,var,value) VALUES (NULL, :senha, :var, :value)");

8 Comments

Without single quotes they can use # or --, how to prevent this?
That will be taken care of by PDO. That's one of the purposes of using PDO parameter binding, actually :)
Weird, when I tried, it seemed to be commented, hm, I'll try again. Thanks for the answer (accepted because it makes sense...)
You're welcome. Please update here if you have any issues with it. I will try to answer.
What values exactly do you have for the queries? The parameters should filter any special characters for SQL. I wonder if you are having a problem with the first SELECT query? It isn't using parameters, thus you need to sanitize the values.
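
The points raised in this thread, put together as an added example (not code from the question, the answer or the comments): the COUNT(*) is bound like the UPDATE and INSERT, and a value containing a quote, `--` and `#` is stored as data. It goes one step further than the thread by checking `$table` against an allowlist, since identifiers cannot be bound. Assumptions: the `pdo_sqlite` extension with an in-memory database, a constructed `settings` table, and the hypothetical helpers `safeTable()` and `upsert()`.

```php
<?php
// Added example: constructed schema and values; assumes the pdo_sqlite extension.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, senha TEXT, var TEXT, value TEXT)');

// Identifiers cannot be bound as parameters, so the table name is allowlisted.
function safeTable(string $table): string {
    $allowed = ['settings'];   // hypothetical list of valid table names
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException("unexpected table: $table");
    }
    return $table;
}

function upsert(PDO $con, string $table, string $senha, string $var, string $value): void {
    $t = safeTable($table);
    // COUNT(*) with bound values instead of values interpolated into the SQL string.
    $c = $con->prepare("SELECT COUNT(*) FROM $t WHERE senha = :senha AND var = :var");
    $c->execute([':senha' => $senha, ':var' => $var]);
    if ((int) $c->fetchColumn() !== 0) {
        $q = $con->prepare("UPDATE $t SET value = :value WHERE senha = :senha AND var = :var");
    } else {
        $q = $con->prepare("INSERT INTO $t (id, senha, var, value) VALUES (NULL, :senha, :var, :value)");
    }
    $q->execute([':senha' => $senha, ':var' => $var, ':value' => $value]);
}

upsert($con, 'settings', 'pw1', 'color', 'red');                   // takes the INSERT path
upsert($con, 'settings', 'pw1', 'color', "blue' -- # still data"); // takes the UPDATE path
$rows = $con->query('SELECT senha, var, value FROM settings')->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows));       // number of rows after both calls
var_dump($rows[0]['value']);  // the stored value, quote and comment markers included

// The quoted form from the question: ':senha' inside quotes is a string literal,
// so the statement has no placeholder and compares against the text ":senha".
$q = $con->prepare("SELECT COUNT(*) FROM settings WHERE senha = ':senha'");
$q->execute();
var_dump((int) $q->fetchColumn());
```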