I am a bit confused, as when I try the code below I receive the desired result.
include_once('config.class.php');
$db = Core::getInstance();
$whr = 'test@nannex.com';
$inv = $db->dbh->prepare("SELECT * FROM ruj_users WHERE email=:whr");
$inv->execute(array(":whr"=>$whr));
$row = $inv->fetch(PDO::FETCH_ASSOC);
echo $row['email'];
echo $row['full_name'];
However, when I run the following code it returns 1, not the desired result.
include_once('config.class.php');
$db = Core::getInstance();
$whr = 'test@nannex.com';
function fetchUser($whr){
    $db = Core::getInstance();
    $inv = $db->dbh->prepare("SELECT * FROM ruj_users WHERE :whr");
    $inv->execute(array(':whr'=>$whr));
    $res = $inv->fetch(PDO::FETCH_ASSOC);
    return $res;
}
$row = fetchUser("email = '".$whr."' ");
echo $row['email'];
echo $row['full_name'];
This query:
When expanded:
The expression email = \'test@nannex.com\' will be evaluated by MySQL as a boolean and is always truthy, so it will return all rows in ruj_users. If you want custom conditions, you can do something like this:
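
An added example (not the answerer's code) of one way to support custom conditions with PDO: the column name is checked against a fixed allowlist and only the value is bound, because a placeholder can carry a value but never a column name or a whole condition. It assumes an in-memory SQLite database in place of the MySQL connection from `Core::getInstance()`; `fetchUserBy()`, `ALLOWED_COLUMNS` and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite so it runs offline.
// fetchUserBy() and ALLOWED_COLUMNS are hypothetical names, not from the page.

const ALLOWED_COLUMNS = ['email', 'full_name'];

/**
 * Fetch one user by an allowlisted column. The column name is validated
 * against a fixed list; the value travels separately as a bound parameter.
 */
function fetchUserBy(PDO $dbh, string $column, string $value): ?array
{
    if (!in_array($column, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    // $column is now one of our own literals, never caller-supplied text.
    $stmt = $dbh->prepare("SELECT * FROM ruj_users WHERE $column = :value");
    $stmt->execute([':value' => $value]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE ruj_users (email TEXT, full_name TEXT)");
$dbh->exec("INSERT INTO ruj_users VALUES ('test@nannex.com', 'Test User')");
$dbh->exec("INSERT INTO ruj_users VALUES ('other@example.com', 'Other User')");

// Normal lookup: column from the allowlist, value bound as data.
$row = fetchUserBy($dbh, 'email', 'test@nannex.com');
echo $row['email'], ' ', $row['full_name'], PHP_EOL;

// A value that looks like SQL is compared as plain data, not parsed as SQL.
var_dump(fetchUserBy($dbh, 'email', "x' OR '1'='1"));

// A whole condition passed as the column is rejected before any SQL is built.
try {
    fetchUserBy($dbh, "email = 'test@nannex.com'", '');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```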