CODEWITHSUNDEEP
phpsql
haystax
haystax

Reputation: 13

add PHP variable in SQL WHERE

on my first UPDATE statement, im trying to have my WHERE value contain the variable $couponCode but it does not work as of now. This is so that the correct row updates depending on what the input is. any help would be appreciated.

if ($couponCode == $coupons_db3['coupon_code']){
   echo $couponCode;
   $stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code ='.$couponCode);
   $stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
   $stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
   $stmt->execute();
   break;
 }

Upvotes: 1

Views: 53

Answers (2)

Manoj Vadehra
Manoj Vadehra

Reputation: 846

Edit

Please ignore.. @Bira's answer is more accurate

Try this:

$stmt = $db->prepare("UPDATE promocode_3 SET used = 1 WHERE coupon_code ='".$couponCode."'");

you missed the quote in coupon code value. P.S. I don't know which database you are using. Please mention that next time. :)

This should work but it's not an ideal case for a prepared statement because in case of prepared statements you should give parameters only at the time of execution.

"prepare" should only compile an sql statement and parameters should be passed later on.

Upvotes: 0

Bira
Bira

Reputation: 5506

You need to bind the couponCode as well.

if ($couponCode == $coupons_db3['coupon_code']){
       echo $couponCode;
       $stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code =:couponCode');
       $stmt->bindValue(':couponCode', $couponCode, PDO::PARAM_STR);
       $stmt->execute();

       $stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
       $stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
       $stmt->execute();
       break;
     }

Upvotes: 2

Related Questions