1

I have the following code:

try
{
    $sql = 'SELECT id, type, date, amount, description, category 
FROM `transactions`
    WHERE type = "income"
    AND month(date) = '$monthselect'
    ORDER BY `transactions`.`id` DESC
    LIMIT 0,50';
    $result2 = $pdo->query($sql);
}

Now, I want to give this month(Date) a variable for which month I want to select. If I put 1, it will give me January. So I thought, if I define a variable with 1, I can use it to select a month, right?

$monthselect = 1;

It doesn't work. What am I doing wrong?

2 Comments
  • You're using single quotes both in your query, and as string delimiters. That's just going to get confusing. Since you're using PDO, why not look at using a prepared statement, and a bound parameter? Commented Jun 19, 2013 at 20:04
  • What's the field type of your date? Commented Jun 19, 2013 at 20:05

4 Answers

3

Use prepared statements:

$stm = $pdo->prepare('SELECT id, type, date, amount, description, category 
FROM `transactions`
    WHERE type = "income"
    AND month(date) = ?
    ORDER BY `transactions`.`id` DESC
    LIMIT 0,50');

$stm->execute(compact('monthselect'));
$result2 = $stm->fetchAll();

Since you're not adding "1" directly in your query, I'm assuming here that the variable comes from user input.
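Here is a fuller version of the prepared-statement approach from this answer, written as an added example rather than code from the question or any of the answers. It keeps the question's `transactions` table and column names and the MySQL `MONTH()` function; the DSN, user and password are placeholders, and the function name `fetchIncomeForMonth` is an assumption. The point it adds is that the month value is validated as an integer in the range 1 to 12 before it is bound, and that it is bound with `PDO::PARAM_INT` rather than being pasted into the SQL text, so the quoting problem in the question (and the injection risk in the concatenation answers below) cannot arise.

```php
<?php
// Added example (not from the question or any answer). Assumes PHP 7+ with the
// pdo_mysql driver and a MySQL `transactions` table as described in the question.
declare(strict_types=1);

function fetchIncomeForMonth(PDO $pdo, $monthselect): array
{
    // Validate before the value goes anywhere near SQL: MONTH() yields 1..12,
    // so anything else is rejected here rather than silently matching nothing.
    $month = filter_var($monthselect, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 12]]);
    if ($month === false) {
        throw new InvalidArgumentException('month must be an integer from 1 to 12');
    }

    // The placeholders are never part of the SQL text, so quoting inside the PHP
    // string no longer matters and the value cannot change the query's structure.
    $stm = $pdo->prepare(
        'SELECT id, type, date, amount, description, category
           FROM `transactions`
          WHERE type = :type
            AND MONTH(date) = :month
          ORDER BY `transactions`.`id` DESC
          LIMIT 0,50'
    );
    $stm->bindValue(':type', 'income', PDO::PARAM_STR);
    $stm->bindValue(':month', $month, PDO::PARAM_INT); // sent as an integer, not a quoted string
    $stm->execute();

    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder connection details (assumption: replace with your own).
$pdo = new PDO(
    'mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4',
    'YOUR_USER',
    'YOUR_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // let MySQL itself prepare the statement
    ]
);

$monthselect = 1; // January, as in the question
foreach (fetchIncomeForMonth($pdo, $monthselect) as $row) {
    printf("%d %s %s %s\n", $row['id'], $row['date'], $row['amount'], $row['description']);
}
```

With `PDO::ATTR_EMULATE_PREPARES` set to false the query text and the bound values travel to MySQL separately, so there is no string for a stray quote to break out of; with the default emulation on, PDO still quotes the bound value for you. Either way the `filter_var` check is what turns a bad month into a clear exception rather than an empty result set.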



1

To concatenate strings in PHP you need to use the . operator.

$sql = 'SELECT id, type, date, amount, description, category 
    FROM `transactions`
    WHERE type = "income"
    AND month(date) = ' . $monthselect . '
    ORDER BY `transactions`.`id` DESC
    LIMIT 0,50';


1

I'll frequently use double quotes to substitute variables in PHP:

$sql = "SELECT id, type, date, amount, description, category 
    FROM `transactions`
    WHERE type = 'income'
    AND month(date) = $monthselect
    ORDER BY `transactions`.`id` DESC
    LIMIT 0,50";

Note that you need to swap the existing double quotes (inside the string) to single quotes. You can escape them too, but I find this way makes it much more readable.


1

Your issue is that you are trying to use a variable inside single quotes, inside which PHP variables are not interpolated.

I find that by using double quote marks around my queries I can not only use variables in them but also use single quote marks around the values passed to the DB.

$sql = "SELECT id, type, date, amount, description, category 
FROM `transactions`
WHERE type = 'income'
AND month(date) = $monthselect
ORDER BY `transactions`.`id` DESC
LIMIT 0,50";

3 Comments

Best to remove the single quotes around $monthselect though, since it's an integer, and should be compared to MONTH() as such.
...and you need to escape the double quotes around income, or replace them with single quotes. As it is, this will cause a Parse error. eval.in/34178
Thanks @ThomasKelley, I have made those amendments to my answer.
