1

I am still getting my head around a PDO statement, but the code below does not do what I assumed it would.

  $temp = "6c ";    
  $weather_report = "Its currently $temp " ; 

  $qry = $pdo->exec("UPDATE data_weather SET text= '$weather_report' WHERE period='report' ");

This does update my database, but only with 'Its currently', and the temp value is missing.

After reading some articles I believe I need to use quote, but I am not sure how to implement it?

Any help, please?

3
  • what's the type/size of the text field? Commented Apr 16, 2013 at 16:44
  • You need to read up on SQL escaping and make a point to never, ever insert arbitrary user data into your query strings. Seeing $weather_report inside a query should set off alarm bells. Commented Apr 16, 2013 at 16:46
  • you should use prepared statements php.net/manual/en/pdo.prepared-statements.php Commented Apr 16, 2013 at 16:47

2 Answers

5

Please use query parameters instead of interpolating variables into SQL strings.
It's safer, faster, and easier.

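  $temp = "6c ";
  $weather_report = "It's currently $temp ";

  // The ? placeholder stands in for the value; it is not wrapped in quotes.
  $sql = "UPDATE data_weather SET text= ? WHERE period='report'";
  $stmt = $pdo->prepare($sql);
  // execute() takes an array with one element per placeholder.
  $stmt->execute(array($weather_report));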

Note that you don't need to quote the string. In fact, you must not put quotes around the ? placeholder. You can use apostrophes inside your weather report string safely.

You can use a parameter placeholder any place you would normally put a single scalar value in an SQL expression. E.g. in place of a quoted string, quoted date, or numeric literal. But not for table names or column names, or for lists of values, or SQL keywords.


3 Comments

Thanks for that, Bill. I was unsure of declaring $weather_report as an array?
The PDOStatement::execute() function requires its argument to be an array, so you can pass multiple parameters to the SQL query.
Anonymous downvoter, please let me know what you feel is not right in this answer, so I can try to improve it.
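
The first answer's two points, as an added example that is not part of the original thread: a value containing an apostrophe breaks the interpolated query but binds cleanly through a placeholder, and a column name, which cannot be a placeholder, is checked against an allowlist instead. Assumptions: an in-memory SQLite database through the pdo_sqlite driver rather than the asker's MySQL, a constructed `summary` column, and a hypothetical helper `updateColumn()`.

```php
<?php
// Constructed schema and data; SQLite in memory is an assumption, the question uses MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE data_weather (period TEXT PRIMARY KEY, text TEXT, summary TEXT)");
$pdo->exec("INSERT INTO data_weather (period, text, summary) VALUES ('report', '', '')");

$weather_report = "It's currently 6c";   // the apostrophe is the interesting part

// 1. Interpolated value: the apostrophe closes the SQL string literal early.
try {
    $pdo->exec("UPDATE data_weather SET text = '$weather_report' WHERE period = 'report'");
    echo "interpolated: ok\n";
} catch (PDOException $e) {
    echo "interpolated: failed (" . $e->getMessage() . ")\n";
}

// 2. Bound value: the SQL text is fixed and the data is passed separately.
$stmt = $pdo->prepare("UPDATE data_weather SET text = ? WHERE period = ?");
$stmt->execute([$weather_report, 'report']);
echo "bound: rows updated = " . $stmt->rowCount() . "\n";

// 3. Identifiers cannot be bound, so a caller-chosen column is validated
//    against a fixed allowlist before it is placed in the SQL text.
function updateColumn(PDO $pdo, string $column, string $value, string $period): int
{
    $allowed = ['text', 'summary'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    $stmt = $pdo->prepare("UPDATE data_weather SET $column = ? WHERE period = ?");
    $stmt->execute([$value, $period]);
    return $stmt->rowCount();
}

echo "allowlisted: rows updated = " . updateColumn($pdo, 'summary', "Cold, but it's dry", 'report') . "\n";
try {
    updateColumn($pdo, 'no_such_column', 'x', 'report');
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
$row = $pdo->query("SELECT text, summary FROM data_weather WHERE period = 'report'")
           ->fetch(PDO::FETCH_ASSOC);
echo json_encode($row) . "\n";
```
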
-1

Although Bill has already answered the question, I'd like to add:

Do not use named parameters with TEXT columns, at least not with MySQL. It won't work. Use question marks instead.

4 Comments

Would you please kindly delete your misleading comment? Thanks in advance.
@YourCommonSense Check it on PHP forums. It is a true bug many have experienced, but it may have already been solved.
Many have experienced aliens' visits as well.
@YourCommonSense I do understand that it may sound like an aliens' visit, but I have truly experienced it. I admit that PHP is not my cup of coffee and the problem might have been elsewhere, but using '?' instead of named parameters solved my problem at the time. I am willing to delete my answer the very moment you provide evidence that it isn't so. I would have done it myself already if I had had an appropriate workspace.
