Question
I'm trying to learn to use PDO instead of MySQLi for database access and I'm having trouble selecting data from the database. I want to use:
$STH = $DBH->query('SELECT * FROM ratings WHERE title=$title ORDER BY date ASC');
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($row = $STH->fetch()) {
echo $row['title'];
}
but I'm getting this error:
Fatal error: Call to a member function setFetchMode() on a non-object in /home/owencont/public_html/owenstest.com/ratemystudents/index.php on line 6
If I take out the WHERE statement it works fine. How can I select a row based on if its value matches a variable?
Thanks,
Owen
Answer 1:
It's likely a SQL syntax error, because you forgot to quote $title. It ended up as a bareword in the query (also not even interpolated as a string), resulting in an error. And your PDO connection was not configured to report errors. Use ->quote() on arguments before the ->query():
$title = $DBH->quote($title);
$STH = $DBH->query("SELECT * FROM ratings WHERE title=$title ");
Or better yet, use parameterized SQL:
$STH = $DBH->prepare("SELECT * FROM ratings WHERE title=? ");
$STH->execute(array($title));
Answer 2:
Take a look at PDO::prepare and PDOStatement::execute. The safest way to add user content to a query is to prepare a basic statement and bind the parameter to it. Example (note the question mark in the SQL statement):
// prepare() (not query()) is what accepts the ? placeholder
$STH = $DBH->prepare('SELECT * FROM ratings WHERE title=? ORDER BY date ASC');
$STH->execute( array( $title ) );
while( $row = $STH->fetch( PDO::FETCH_ASSOC ) ) {
echo $row['title'];
}
Answer 3:
Make PDO throw errors so you can see what exactly goes wrong. See How to squeeze error message out of PDO?
You are probably missing quotes around $title but this scenario really calls for prepared statements instead.
Answer 4:
Remove the variable out of the SQL statement because it's a PHP variable
// quote() escapes and quotes the value; a space is needed before ORDER BY
$STH = $DBH->query('SELECT * FROM ratings WHERE title=' . $DBH->quote($title) . ' ORDER BY date ASC');
Answer 5:
Use double quotes instead of single quotes as a parameter of the query-method.
The reason you're getting this error is because the query-method fails and so the $STH object isn't created. You should implement some error handling.
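The failure mode and the fixes the answers describe, shown end to end as an added example that is not part of any answer above. It assumes an in-memory SQLite database (so it runs without a server; needs the pdo_sqlite extension) and uses constructed sample rows and a constructed title.

```php
<?php
// Added example: in-memory SQLite stands in for the asker's database (assumption).
$DBH = new PDO('sqlite::memory:');
$DBH->exec('CREATE TABLE ratings (title TEXT, date TEXT)');
$DBH->exec("INSERT INTO ratings VALUES ('Owen''s class', '2011-03-07'), ('Maths', '2011-03-08')");

$title = "Owen's class"; // constructed input; the apostrophe breaks string-built SQL

// 1. Silent error mode (the default before PHP 8): a failed query() returns
//    false, so calling ->setFetchMode() on the result is the "non-object" error.
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$STH = $DBH->query("SELECT * FROM ratings WHERE title='$title' ORDER BY date ASC");
if ($STH === false) {
    echo 'query() returned false: ', $DBH->errorInfo()[2], "\n";
}

// 2. Exception mode: the same broken query now fails at the call site
//    with the driver's message instead of a later fatal error.
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
    $DBH->query("SELECT * FROM ratings WHERE title='$title' ORDER BY date ASC");
} catch (PDOException $e) {
    echo 'Query failed: ', $e->getMessage(), "\n";
}

// 3. Prepared statement: the value is bound as data, so the apostrophe
//    cannot change the structure of the SQL.
$STH = $DBH->prepare('SELECT * FROM ratings WHERE title = ? ORDER BY date ASC');
$STH->execute([$title]);
while ($row = $STH->fetch(PDO::FETCH_ASSOC)) {
    echo 'Found: ', $row['title'], ' (', $row['date'], ")\n";
}
```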
Source: https://stackoverflow.com/questions/5223304/pdo-database-access-where-title-title