0

I need to do a PHP PDO call to my db with an INNER JOIN and WHERE clause.

In navicat GUI this statement is running fine and i can see the results. The problem come out lather in php environment about string concatenation.

I would like to format this request so that it can be digested by php:

SELECT * FROM tsourcetb as T INNER JOIN users as U ON U.username = T.username WHERE U.username = $username AND T.username = $username;

what I tried to do

$sth = $db->prepare("SELECT * FROM tsourcetb as T INNER JOIN users as U ON U.username = T.username WHERE U.username = $username AND T.username = $username");

the return is an error indicating that there is no table with the variable name. Basically it takes the variable as the name of the table the return is an error indicating that there is no table with the variable name. Basically it takes the variable as the table name and not the table name as it should like (SELECT * FROM $username) jumping out the first part of statement).

The intent is to have all the records of table A where the username field is = to the username field of table B with value passed from a variable. Thank for any suggestion to achieve my goal.

UPDATE

php is magic need to try and retray. At the end tish one help me to goal:

$username = ($_POST['username']);
$password = ($_POST['password']);

$statement = $db->prepare('SELECT p.* FROM `tsourcetb` as p LEFT JOIN    `users`as s ON p.username = s.username WHERE s.username = :username;');
$statement->bindParam(':username', $username, PDO::PARAM_STR);
$statement->execute();

/* look here -> $statement->fetchall(PDO::FETCH_ASSOC) */

$array_select = $statement->fetchall(PDO::FETCH_ASSOC);
echo json_encode($array_select, JSON_PRETTY_PRINT);
Improve this question

3 Answers 3

Reset to default
0 
<?php


$sth = $db->prepare("SELECT * FROM `tsourcetb` as T INNER JOIN users as U ON U.username = T.username WHERE U.username = ?  AND T.username = ? ");
$sth->execute([$username,$username]);
$results = $sth->fetchall();


?>

wrapper your table name with backticks and also use placeholders

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

hi and thanks for time. I have 2 table and in you example only one is backticksed. Anyway nothing happens no results was valorized
0

Try this:

$stmt = $db->prepare("SELECT * FROM tsourcetb as T INNER JOIN users as U ON U.username = T.username WHERE U.username = :username AND T.username = :username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();

You need to bind a value with prepared statement:

Source: Docs

Improve this answer

2 Comments

i get an error: Call to undefined method PDO::bindValue()
@sundsx You are right, I made a mistake changed it
0

You have to bind parameters when you are making an dynamic query with PDO. Change this in your query.

$username -> :username

And before you make the call 

$yourQueryObj->bindValue(':username', $username, PDO::PARAM_STR);

That's why prepared statments are safer than regular variables as you assign it's type before it's sent for query.

You can read about it here http://php.net/manual/en/pdostatement.bindvalue.php

You should be able also execute with array of parameters after preparing like that :

$sth = execute(array(':username'=> $username));
Improve this answer

1 Comment

Call to undefined method PDO::bindParam()

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.