Home/ Questions/Q 6852383
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T01:21:51+00:00

I believe I have the syntax correct, at least according to my textbook. This

  • 0

I believe I have the syntax correct, at least according to my textbook. This is just a piece of the file as the other info is irrelevant to my problem. The table name is user, as well as the column name is user. I don’t believe this to be the problem, as other sql statements work. Though it isn’t the smartest thing to do I know 🙂 Anyone see an error?

try {
$db=new PDO("mysql:host=$db_host;dbname=$db_name",
        $db_user,$db_pass);
} catch (PDOException $e) {
exit("Error connecting to database: " . $e->getMessage());
}
$user=$_SESSION["user"];

$pickselect = "SELECT game1 FROM user WHERE user='$user' ";
$pickedyet = $db->prepare($pickselect);
$pickedyet->execute();
echo $pickselect;

if ($pickedyet == "0")
{ 
echo '<form method="post" action="makepicks.php">
<h2>Game 1</h2>......'
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you’re seemingly using prepared statements, I’d recommend using them to their fullest extent so that you can avoid traditional problems like SQL injection (this is when someone passes malicious SQL code to your application, it’s partially avoided by cleansing user inputs and/or using bound prepared statements).

    Beyond that, you’ve got to actually fetch the results of your query in order to display them (assuming that’s your goal). PHP has very strong documentation with good examples. Here are some links: fetchAll; prepare; bindParam.

    Here is an example:

    try
{
    $db = new PDO("mysql:host=$db_host;dbname=$db_name",
                  $db_user, $db_pass);
}
catch (PDOException $e)
{
    exit('Error connecting to database: ' . $e->getMessage());
}

$user = $_SESSION['user'];

$pickedyet = $db->prepare('SELECT game1 FROM user WHERE user = :user');
/* Bind the parameter :user using bindParam - no need for quotes */
$pickedyet->bindParam(':user', $user);
$pickedyet->execute();

/* fetchAll used for example, you may want to just fetch one row (see fetch) */
$results = $pickedyet->fetchAll(PDO::FETCH_ASSOC);

/* Dump the $results variable, which should be a multi-dimensional array */

var_dump($results);

    EDIT – I’m also assuming that there is a table called ‘user’ with a column called ‘user’ and another column called ‘game1’ (i.e. that your SQL statement is correct aside from the usage of bound parameters).

    • 0