
I want to try showing my data from the database using bindParam, but I get an error.

Recoverable fatal error: Object of class PDOStatement could not be converted to string in C:\xampp\htdocs\piratefiles\search.php on line 15

Here is my code:

$category = htmlentities($_GET['c']);
$query = htmlentities($_GET['q']);

$page = (isset($_GET['page'])) ? $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

// Note: the column names must be identifiers (backticks), not quoted string literals;
// 'category' = :category would compare the literal text "category" with the parameter.
$query = $db->prepare("SELECT * FROM `posting` WHERE `category` = :category AND `file_name` LIKE :query ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

$query->bindParam(":category", $category);
$query->bindParam(":query", $query);

$query->execute();
  • You're overwriting the $query variable with your prepared statement. First you have $query = htmlentities($_GET['q']);, then you have $query = $db->prepare(...), and last you have $query->bindParam(":query", $query);. Use different variable names for different things. Commented Dec 31, 2017 at 2:19
  • Ah, I forgot it. Thanks. But I added some code since I'm using LIKE. I edited my question. Now it works well. Commented Dec 31, 2017 at 2:28

2 Answers
$query was the user input, then you assigned it the PDOStatement, then you passed it back to bindParam.

Change the var name.

$category = htmlentities($_GET['c']);
$query = htmlentities($_GET['q']);

// Cast the page number so only an integer can ever reach the LIMIT clause,
// which is built by string concatenation rather than bound as a parameter.
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

// The statement gets its own variable name ($stmt) so the user input in
// $query is still available when it is bound below. Column names are
// identifiers (backticks), not quoted string literals.
$stmt = $db->prepare("SELECT * FROM `posting` WHERE `category` = :category AND `file_name` LIKE :query ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

$stmt->bindParam(":category", $category);
$stmt->bindParam(":query", $query);

$stmt->execute();
Since I'm using LIKE, I need to make another variable.

$keyword1 = "%".$category."%";
$keyword2 = "%".$query1."%";

Here's the full code.

$category = htmlentities($_GET['c']);
$query1 = htmlentities($_GET['q']);

// Cast so only an integer is ever concatenated into the LIMIT clause.
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

$query = $db->prepare("SELECT * FROM `posting` WHERE category LIKE :category AND file_name LIKE :query1 ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

// LIKE wildcards belong in the bound value, not in the SQL text.
$keyword1 = "%".$category."%";
$keyword2 = "%".$query1."%";

$query->bindParam(":category", $keyword1);
$query->bindParam(":query1", $keyword2);

$query->execute();

1 Comment

Yeah that's fine, you could also use bindValue and not need to define other temp variables, or even pass an array with everything in to execute. But that wasn't the original problem.
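The following is an added example, not code from the question or either answer. It puts the three points made on this page into one runnable search helper: the user input, the PDOStatement and the LIKE patterns live in differently named variables; the wildcards are attached with bindValue() so no extra temp variables are needed; and LIMIT/OFFSET are bound as integers instead of being concatenated into the SQL. It also escapes % and _ in the search term so a user searching for "100%" matches that text literally. The `posting` table layout (id, category, file_name, date) is assumed from the column names on the page, the rows are constructed sample data, and an in-memory SQLite database is used so the script runs offline; the htmlentities() calls from the page are dropped because HTML encoding belongs at output time, not in the stored or searched value.

```php
<?php
// Added example: PDO search with distinct variable names, bindValue() for the
// LIKE patterns and integer-bound pagination. Not from the original page.
declare(strict_types=1);

// Escape LIKE metacharacters so the search term is matched literally, then
// wrap it in % wildcards. Pairs with the ESCAPE '\' clause in the query.
function likeLiteral(string $s): string
{
    return '%' . addcslashes($s, '%_\\') . '%';
}

// Returns the matching rows for one page of results.
function searchPosts(PDO $db, string $category, string $term, int $page, int $limit = 20): array
{
    $page   = max(1, $page);          // pages start at 1
    $offset = ($page - 1) * $limit;

    // Column names are identifiers (backticks), not quoted string literals.
    // The statement has its own name ($stmt) so $term is still the user input.
    $stmt = $db->prepare(
        "SELECT id, category, file_name, date FROM `posting`
          WHERE `category` = :category AND `file_name` LIKE :pattern ESCAPE '\\'
          ORDER BY date DESC LIMIT :limit OFFSET :offset"
    );

    // bindValue() copies the value immediately, so no temp variables needed.
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    $stmt->bindValue(':pattern', likeLiteral($term), PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed sample data (assumed table layout) ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE posting (id INTEGER PRIMARY KEY, category TEXT, file_name TEXT, date TEXT)");
$ins = $db->prepare("INSERT INTO posting (category, file_name, date) VALUES (?, ?, ?)");
foreach ([
    ['movies', 'report_2017.pdf', '2017-12-30'],
    ['movies', 'report100%.txt',  '2017-12-31'],
    ['music',  'report.mp3',      '2017-12-29'],
] as $row) {
    $ins->execute($row);
}

// Typical call with raw request values; the int cast keeps the page numeric.
$rows = searchPosts($db, 'movies', '100%', (int) ($_GET['page'] ?? 1));
foreach ($rows as $r) {
    echo $r['file_name'], "\n";   // only report100%.txt, because % was escaped
}
```

The page's queries use the MySQL `LIMIT start,count` form; `LIMIT :limit OFFSET :offset` is the equivalent that both MySQL and SQLite accept with bound parameters. Binding the integers with PDO::PARAM_INT matters when PDO's emulated prepares are enabled, because PDO would otherwise quote them as strings and MySQL would reject the LIMIT clause.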
