1

I'm trying to do something like this using PHP and MySQL PDO:

//PHP Variables
$msg_a = 'Too Little';
$msg_b = 'Score OK';

$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b) from scores;"

$results = $conn->prepare($Sql);

$results->execute();

AFAIK this should have worked. But I keep getting the following error message:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

How can something like this be done?

4
  • PHP variables are case-sensitive. Commented Jan 3, 2014 at 7:22
  • 1
    Your code is still open to SQL injection. PDO is not a magic bullet, and you need to use it correctly with bound parameters instead of string concatenation. Commented Jan 3, 2014 at 7:22
  • Why bother to use prepare if you still interpolate query strings? Commented Jan 3, 2014 at 7:23
  • echo $sql; and run it in server to check if query is correct. Commented Jan 3, 2014 at 7:32

4 Answers

3
$results = $conn->prepare($Sql);

---------------------------------------------^ (capital S)

It should be with a lowercase s:

$results = $conn->prepare($sql);

because you have:

$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b) 
        from scores";(//semicolon after double quotes)

---^
with a lowercase s ($sql)


2

Can you try this,

$sql = "select if(stdScore >= stdRequired, $msg_a, $msg_b) from scores";

$results = $conn->prepare($sql);

3 Comments

Isn't necessary. PHP allows you to insert variables directly into strings.
@MrVimes, what is not necessary?
using those quote characters. PHP allows direct insertion like this - "Hello world $myvar Hello hello". The questioner's problem is not the string.
0

Have you tried it this way ?

$sql = "select if(stdScore >= stdRequired, '".$msg_a."', '".$msg_b."') from scores;";

1 Comment

We usually try the above way, as you mentioned, when our PHP variables are not getting interpreted inside the query, but I don't think the OP is getting the mentioned error due to this.
0

Since you're already using PDO, don't do query string interpolation, which leaves your code vulnerable to SQL injection and value-escaping problems. Instead, use prepared statements properly.

Your code could've looked something like:

$msg_a = 'Too Little';
$msg_b = 'Score OK';
// use placeholders in a query string
$sql = "SELECT IF(stdScore >= stdRequired, :msg_a, :msg_b) msg FROM scores";
// prepare the statement
$query = $conn->prepare($sql);
// bind parameters and execute the query
$query->execute(array(':msg_a' => $msg_a, ':msg_b' => $msg_b));
// fetch the resultset
$rows = $query->fetchall(PDO::FETCH_ASSOC);
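
As an added example (not code from any of the answers), the following contrasts the interpolated query with the bound-parameter form described in the answer above. It assumes the pdo_sqlite extension and uses an in-memory SQLite table so it runs without a server, with CASE standing in for MySQL's IF(); the table rows and message values are constructed.

```php
<?php
// Added example. Assumption: SQLite in-memory replaces MySQL, so CASE replaces IF().
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE scores (stdScore INTEGER, stdRequired INTEGER)');
$conn->exec('INSERT INTO scores VALUES (40, 50), (70, 50)'); // constructed rows

// Constructed values; the first contains an apostrophe on purpose.
$msg_a = "Met the student's requirement";
$msg_b = 'Too Little';

// 1) Interpolation: the messages are pasted in as raw SQL tokens, not as
//    string literals, so the server parses them as part of the statement.
$bad = "SELECT CASE WHEN stdScore >= stdRequired THEN $msg_a ELSE $msg_b END AS msg FROM scores";
try {
    $conn->prepare($bad)->execute();
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query rejected: ", $e->getMessage(), "\n";
}

// 2) Placeholders: the SQL text is fixed and the values are sent separately,
//    so quotes or spaces inside a value cannot change the statement.
$sql = "SELECT stdScore,
               CASE WHEN stdScore >= stdRequired THEN :msg_a ELSE :msg_b END AS msg
        FROM scores";
$query = $conn->prepare($sql);
$query->execute([':msg_a' => $msg_a, ':msg_b' => $msg_b]);

foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo $row['stdScore'], ' => ', $row['msg'], "\n";
}
```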
