
Currently I'm trying to query a COUNT(*) using user input, so I want to prepare it, but when I do there is no response. I also tried using this: Row count with PDO as an example (prepare and query), but they both seem not to work. Why? There's no reason...

$count = $con->query("SELECT COUNT(*) FROM $table WHERE senha='$senha' AND var='{$ar[$i]}'")->fetchColumn();
if($count!=0){
    $q = $con->prepare("UPDATE $table SET value=':value' WHERE senha=':senha' AND var=':var'");
    $q->execute(array(':senha' => $senha, ':value' => $ar[$i+1], ':var' => $ar[$i]));
}else{
    $q = $con->prepare("INSERT INTO $table (id,senha,var,value) VALUES (NULL, ':senha', ':var', ':value')");
    $q->execute(array(':senha' => $senha, ':var' => $ar[$i], ':value' => $ar[$i+1]));
}

When I was using his first example (using prepare, not query, passing values using an array) it didn't work at all; the query one returns a number but the if (update or insert) part does not work. I've tried a bunch of things and outputs, nothing worked...


1 Answer


You should not include single quotes when you use parameter binding with PDO. So correct your UPDATE and INSERT queries to the following:

$q = $con->prepare("UPDATE $table SET value=:value WHERE senha=:senha AND var=:var");

and

$q = $con->prepare("INSERT INTO $table (id,senha,var,value) VALUES (NULL, :senha, :var, :value)");

8 Comments

Without single quotes they can use # or --. How do I prevent this?
That will be taken care of by PDO. That's one of the purposes of using PDO parameter binding actually :)
Weird, when I tried it seemed to be commented out, hm, I'll try again. Thanks for the answer (Accepted because it makes sense...)
You're welcome. Please update here if you have any issue with it. I will try to answer.
What values do you exactly have for the queries? The parameters should filter any special characters for SQL. I wonder if you are having a problem with the first SELECT query? It isn't using parameters, thus you need to sanitize values.
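The accepted fix applied to the whole count-then-update-or-insert flow, including the first SELECT that the last comment points out was still interpolating values. This is an added example, not the asker's or answerer's code; it uses an in-memory SQLite database so it runs stand-alone, and the table name "settings", the whitelist of allowed table names and the sample inputs are assumptions.

```php
<?php
// Added example: every user-supplied value is bound as a parameter, so the
// driver quotes it and characters like ' or -- are stored as data, never
// parsed as SQL. In-memory SQLite is used so this runs without a server.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, senha TEXT, var TEXT, value TEXT)');

// A table name cannot be bound as a parameter, so it is checked against a
// fixed whitelist (assumed here) instead of being interpolated from input.
$allowedTables = ['settings'];

function upsert(PDO $con, array $allowedTables, string $table, string $senha, array $ar): void {
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // $ar holds alternating var/value pairs, as in the question.
    for ($i = 0; $i + 1 < count($ar); $i += 2) {
        // No quotes around :senha / :var: PDO supplies the quoting.
        $sel = $con->prepare("SELECT COUNT(*) FROM $table WHERE senha = :senha AND var = :var");
        $sel->execute([':senha' => $senha, ':var' => $ar[$i]]);
        $count = (int) $sel->fetchColumn();
        if ($count !== 0) {
            $q = $con->prepare("UPDATE $table SET value = :value WHERE senha = :senha AND var = :var");
        } else {
            $q = $con->prepare("INSERT INTO $table (id, senha, var, value) VALUES (NULL, :senha, :var, :value)");
        }
        $q->execute([':senha' => $senha, ':var' => $ar[$i], ':value' => $ar[$i + 1]]);
    }
}

// Constructed inputs: the second pair contains a quote and a comment marker,
// the case asked about in the comments. Bound as parameters they are stored
// verbatim, and the second call exercises the UPDATE branch.
upsert($con, $allowedTables, 'settings', 'secret', ['theme', 'dark', "o'reilly -- note", 'v1']);
upsert($con, $allowedTables, 'settings', 'secret', ['theme', 'light']);

$rows = $con->query('SELECT senha, var, value FROM settings ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);
```

Running it shows two rows, with `theme` updated to `light` and the var `o'reilly -- note` stored as a literal string rather than truncating the statement.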
