Reputation: 390
I'm having trouble updating a site. With security in mind, I am trying to rewrite the SQL statements using PDO prepared statements. It's my preferred choice generally.
The site I'm working on has this query, returning results via JSON to a search box. It works ...
$sql = "SELECT * FROM stock_c_ranges WHERE deleted = 'no' AND current_status = 'current'";
$result = mysqli_query($conn, $sql);
$results_list = array();
while($row = mysqli_fetch_array($result)){
    $results_list[] = $row['manufacturer_name'].' ID:'.$row['id'];
}
echo json_encode($results_list);
I've re-written using prepared statements ...
$range = "SELECT * FROM stock_c_ranges WHERE deleted = :deleted AND current_status = :cstatus";
$deleted = 'no';
$c_status = 'current';
// Same variable name as the one filled in the loop below
$results_list = array();
$stmt = $pd_con->prepare($range);
$stmt->bindParam(':deleted', $deleted, PDO::PARAM_STR);
$stmt->bindParam(':cstatus', $c_status, PDO::PARAM_STR);
$stmt->execute;
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
    $results_list[] = $row['manufacturer_name'].' ID:'.$row['id'];
}
echo json_encode($results_list);
... this doesn't.
I've either made a glaring syntax error that I'm just blind to after looking at it for so long, or there is something about using PDO and JSON/AJAX that I'm not aware of that is stopping it from functioning.
Upvotes: 2
Views: 33
Reputation: 390
Apologies, writing it on here has highlighted the glaringly obvious ...
$stmt->execute;
Should have been ...
$stmt->execute();
Upvotes: 1
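An added example, not code from either post: it shows why `$stmt->execute;` failed quietly (it is a property read, so no query runs and `fetch()` returns false) and how promoting PHP warnings to exceptions surfaces the slip at once. Assumptions: the pdo_sqlite extension is available, the rows are constructed sample data in an in-memory database, and the helper `currentRanges()` with its `$forgetParentheses` switch is hypothetical.

```php
<?php
declare(strict_types=1);

// Promote warnings and notices (e.g. an undefined-property read) to exceptions.
set_error_handler(static function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed sample rows in an in-memory SQLite database (assumption: pdo_sqlite).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // SQL errors throw too
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE stock_c_ranges (id INTEGER PRIMARY KEY, manufacturer_name TEXT, deleted TEXT, current_status TEXT)');
$pdo->exec("INSERT INTO stock_c_ranges (manufacturer_name, deleted, current_status)
            VALUES ('Acme', 'no', 'current'), ('Globex', 'yes', 'current'), ('Initech', 'no', 'retired')");

// Hypothetical helper; $forgetParentheses reproduces the slip from the question.
function currentRanges(PDO $pdo, bool $forgetParentheses = false): array
{
    $stmt = $pdo->prepare(
        'SELECT id, manufacturer_name FROM stock_c_ranges
         WHERE deleted = :deleted AND current_status = :cstatus'
    );
    if ($forgetParentheses) {
        $stmt->execute; // property read, not a method call: no query is sent
    } else {
        $stmt->execute([':deleted' => 'no', ':cstatus' => 'current']);
    }
    $list = [];
    while ($row = $stmt->fetch()) {
        $list[] = $row['manufacturer_name'] . ' ID:' . $row['id'];
    }
    return $list;
}

try {
    currentRanges($pdo, true);
} catch (ErrorException $e) {
    // Without the handler above, this would be an empty JSON array and a log entry.
    error_log('Caught during development: ' . $e->getMessage());
}

header('Content-Type: application/json');
echo json_encode(currentRanges($pdo), JSON_THROW_ON_ERROR);
```

Passing the values to `execute()` as an array replaces the two `bindParam()` calls from the question; both forms keep the values out of the SQL string.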