0

So I'm trying to execute the following sql query:

$stmt = $connect->query("SELECT `FID`,`StorageID`,`DestructionDate` FROM `files` WHERE `DestructionDate` < ':date'");
$stmt->bindValue(":date",$date);
$stmt->execute();

while ($row = $stmt->fetch()) {
$fid = $row['FID'];
echo  $fid . " ";
}

The above code will return all records from files, it simply ignores the WHERE statement at all, and just to be clear, when I run the same statement on phpMyAdmin it runs just fine, in fact I even tried binding the value inside the query itself like this

$stmt = $connect->query("SELECT FID,StorageID,DestructionDate FROM files WHERE DestructionDate < '$date'");

And the query was executed correctly and only gave me the records that satisfy the WHERE condition, so the error is definitely in the bindValue() and execute() lines.

Improve this question
3
  • 1
    Don't put your :date parameter between single quotes Commented Oct 30, 2018 at 10:58
  • The single quotes are for the statement itself, The original statement would be something like: SELECT FID,StorageID,DestructionDate FROM files WHERE DestructionDate < '2018-10-30 13:00' The code didn't run without them Commented Oct 30, 2018 at 11:04
  • For prepared statements you do not and should not have quotes surrounding the placeholders, :date Commented Oct 30, 2018 at 11:30

2 Answers 2

Reset to default
4

From docs:

PDO::queryExecutes an SQL statement, returning a result set as a PDOStatement object

You possibly want PDO::prepare() followed by PDOStatement::execute(). (There's normally no need to painfully bind params one by one.)

Additionally, you have bogus quotes around the placeholder:

':date'

You'll note that as soon as you execute the statement because params won't match.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You're correct I fixed it, but the issue remains, it's still returning all the records, here's the edited code $stmt = $connect->prepare("SELECT FID,StorageID,DestructionDate FROM files WHERE DestructionDate < '?'"); $stmt->execute(array($date));
Try ? instead of '?'. You want the param's value, not a literal quote.
Oh finally it worked, Thanks so much for your answer!
1

2 solutions :

First:

$stmt = $connect->prepare("SELECT `FID`,`StorageID`,`DestructionDate` FROM `files` WHERE `DestructionDate` < :date");
$stmt->execute(array('date' => $date);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

Second:

$stmt = $connect->prepare("SELECT `FID`,`StorageID`,`DestructionDate` FROM `files` WHERE `DestructionDate` < ?");
$stmt->execute(array($date));
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

In both cases, you don't need to 'quote' the string to be replaced (:date or ?) because PDO parse the value in the right type corresponding to the column to match.

Improve this answer

1 Comment

Thank you for the detailed answer! :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.