Home/ Questions/Q 8231563
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T17:32:10+00:00

Hey Guys I’m running this little function here function getBeaches() { $request=Slim::getInstance()->request(); $args=filter_var_array(func_get_args(),FILTER_SANITIZE_STRING); $sql=SELECT

  • 0

Hey Guys I’m running this little function here

function getBeaches() {

$request=Slim::getInstance()->request();

$args=filter_var_array(func_get_args(),FILTER_SANITIZE_STRING); 
$sql="SELECT * FROM beaches WHERE state=:state AND city=:city"; 

    //  var_export($args); die();
    //  array ( 0 => 'wa', 1 => 'seattle', )

try {
    $db         = getConnection();
    $stmt       = $db->prepare($sql);


        $stmt->bindValue('state',   $args[0], PDO::PARAM_STR); //should bind wa 
        $stmt->bindValue('city',    $args[1], PDO::PARAM_STR); //should bind seattle
        $stmt->execute();

    $stmt       = $db->query($sql);
    $beaches    = $stmt->fetchObject();
    $db         = null;

    echo '{"map": ' . stripslashes(json_encode($beaches)) . '}';
} catch(PDOException $e) {
    echo '{"error":{"text":'. $e->getMessage() .'}}';
}

    /* {"error":{"text":SQLSTATE[42000]: Syntax error or access violation: 
     * 1064 You have an error in your SQL syntax; check the manual that  
     * corresponds to your MySQL server version for the right syntax to use 
     * near ':state AND city=:city' at line 1}}
     */

}

And am getting the error I commented at the bottom, trying to run this like so

mysql$ SELECT * FROM beaches WHERE state='wa' AND city='seattle';

May be this rings some bells?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need the semicolons before your param names: (Not 100% true, see edit)

    $stmt->bindValue(':state',   $args[0], PDO::PARAM_STR); //should bind wa 
$stmt->bindValue(':city',    $args[1], PDO::PARAM_STR); //should bind seattle

    From the PHP docs on PDOStatement::bindValue():

    Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.

    EDIT
    As @jeroen has pointed out the problem (the same one in your pastebin) that you overwrite the $stmt variable before you get the data from it. In you code the problem is around the 17th line:

    $stmt->execute();  // $stmt now has query results (from the query with parameters bounded)

$stmt       = $db->query($sql); // You redo the query. Now $stmt has no query results and no parameters are bound
$beaches    = $stmt->fetchObject(); // Statement assumes you want to execute query and does so but not parameters are bound

    You can remedy this by changing the above lines to:

    $stmt->execute();
$beaches = $stmt->fetchObject();
    • 0