nick

Reputation: 333

PDO showing error

I have a query below which I did with mysql_query before, and it executed properly. But using PDO, it's showing an error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1'

This is my code with mysql_query:

$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
    $sql1 .= $id.',';
}
$sql1 = substr($sql1, 0, -1) .")";
$query = mysql_query($sql1);

Using PDO without a prepared statement:

$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
    $sql1 .= $id.',';
}

$sql1 = substr($sql1, 0, -1) .")";

$query = $db->query($sql1);

Upvotes: 2

Views: 153

Answers (2)

david strachan

Reputation: 7228

In the PDO tag (info) you will find the correct procedure for PDO Prepared statements and IN.

PDO Tag

The following code uses this method to add unnamed placeholders from your SESSION array:

// One "?" placeholder per cart entry
$in = str_repeat('?,', count($_SESSION['cart']) - 1) . '?';
$sql1 = "SELECT * FROM product WHERE id IN ($in)";
// The product ids are the keys of the cart array (see the foreach in the question)
$params = array_keys($_SESSION['cart']);
$stmt = $dbh->prepare($sql1);
$stmt->execute($params);

DEMO

Upvotes: 3
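
An added example (not part of the question or of either answer): a self-contained version of the placeholder approach that takes the ids from the cart's keys and skips the query when the cart is empty, since `IN ()` is itself rejected by MySQL as a syntax error. The helper name `fetchCartProducts`, the `product` columns and the in-memory SQLite data are assumptions made for the demo.

```php
<?php
// Added example. Helper name, table columns and sample rows are constructed.

/**
 * Fetch the products whose ids are the keys of a cart array (id => quantity).
 */
function fetchCartProducts(PDO $db, array $cart): array
{
    // Cart ids are the array KEYS; keep only positive integers.
    $ids = array_values(array_filter(
        array_map('intval', array_keys($cart)),
        fn (int $id): bool => $id > 0
    ));

    // Empty list: "IN ()" is a syntax error, so do not build the query at all.
    if ($ids === []) {
        return [];
    }

    // One "?" per id; values are bound, never concatenated into the SQL text.
    $in   = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, name FROM product WHERE id IN ($in) ORDER BY id");
    $stmt->execute($ids);   // positional placeholders need a 0-indexed list

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO product (id, name) VALUES (1, 'pen'), (2, 'ink'), (3, 'pad')");

$cart = [1 => 2, 3 => 1];                  // id => quantity, as in the question's foreach
var_dump(fetchCartProducts($db, $cart));   // rows for ids 1 and 3
var_dump(fetchCartProducts($db, []));      // empty array, no query sent
```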

djot

Reputation: 2947

You forgot to "add" to the string here:

$sql1 = substr($sql1, 0, -1);
$sql1 .=  ")";

Upvotes: 4
