
I just started with PHP and I don't understand why this line won't work:

$zoek = '2341 KG';
foreach ($pdo->query ("select * from blad1 where Postkode = $zoek" ) as $klant)

But this one works perfectly:

foreach ($pdo->query ("select * from blad1 where Postkode = '2341 KG' " ) as $klant)

Why don't you bind the parameter properly? Commented Jun 23, 2014 at 15:44

1 Answer

You should prepare that query.

$stmt = $pdo->prepare("select * from blad1 where Postkode = ?");
$stmt->execute(array($zoek));
$klant = $stmt->fetch(); // no loop it's a single record!

8 Comments

It's not an issue, just cleaner. +1 for binding :)
Thank you, this one works fine for me. I will look up how and why I should prepare this query.
Can you remove the part about quoting entirely? The placeholder method is the only reasonable way to do this here. That first example is a SQL injection bug.
@tadman I removed that part, it was just an attempt to answer as to why it didn't work. Is that why I'm getting downvoted?
I flipped it after you fixed it. Thanks! Explanations are fine, but code that works and exposes people to serious risk is not a great way to start an answer.
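
Why the question's first query fails, and what binding changes compared with adding the quotes by hand, as an added example that is not code from the question or the answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the real one; the `Naam` column, the rows, the function names and the `$hostile` value are constructed for illustration.

```php
<?php
// Added example: constructed table and rows; SQLite in memory stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE blad1 (Naam TEXT, Postkode TEXT)");
$pdo->exec("INSERT INTO blad1 VALUES ('Jansen', '2341 KG'), ('De Vries', '1012 AB'), ('Bakker', '3511 CE')");

// 1. The question's query: the value is pasted into the SQL without quotes,
//    so the database has to parse "Postkode = 2341 KG" and rejects it.
function unquoted(PDO $pdo, string $zoek): string {
    try {
        $pdo->query("select * from blad1 where Postkode = $zoek");
        return 'ran';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Quotes added by hand: the query runs, but the value is still part of
//    the SQL text, so a quote inside the value changes the statement itself.
function quoted(PDO $pdo, string $zoek): array {
    return $pdo->query("select * from blad1 where Postkode = '$zoek'")->fetchAll(PDO::FETCH_ASSOC);
}

// 3. The answer's approach: the value is bound to the placeholder and is
//    only ever compared as data, whatever characters it contains.
function bound(PDO $pdo, string $zoek): array {
    $stmt = $pdo->prepare("select * from blad1 where Postkode = ?");
    $stmt->execute([$zoek]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$zoek    = '2341 KG';
$hostile = "x' OR '1'='1"; // constructed input that contains a quote

echo unquoted($pdo, $zoek), "\n";
printf("quoted, normal input:  %d row(s)\n", count(quoted($pdo, $zoek)));
printf("quoted, hostile input: %d row(s)\n", count(quoted($pdo, $hostile)));
printf("bound,  normal input:  %d row(s)\n", count(bound($pdo, $zoek)));
printf("bound,  hostile input: %d row(s)\n", count(bound($pdo, $hostile)));
```

The row counts for the hostile input are the thing to compare: the hand-quoted query stops filtering on the postcode, while the bound query treats the whole string as a postcode that matches nothing.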