Home/ Questions/Q 8868241
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T17:13:29+00:00

I have goot the following function: public function search_exists($word){ $word=trim($word); $query=SELECT * FROM `search`

  • 0

I have goot the following function:

public function search_exists($word){
   $word=trim($word);
   $query="SELECT * FROM `search` WHERE `word`=$word";
   echo $query;
   $st=$this->pdo->query($query);
   if($st->fetch()){

      return true;
   }
   return false;

}

I want to check whether rows exist.. problem is that I am new to pdo..and It returns false.. when I know that there is a row..hmm

UPDATE:

About sql_injection:

I use this:

  $word=$pdo->quote($_GET['search']);

I thought to withdraw data from the query like this:

public function search_exists($word){
       $word=trim($word);
       $query="SELECT search_id FROM `search` WHERE `word`=$word";
       echo $query;
       $st=$this->pdo->query($query);
       while($row=$st->fetch()){

          return $row['search_id'];
       }
       return false;
   }

problem..that even the above query doesnt work

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    first of all : use prepared statement to bind a parameter :

    public function search_exists($word){
  $word=trim($word);
  $query="SELECT * FROM `search` WHERE `word`=:word";
  echo $query;
  $st=$this->pdo->prepare($query);
  $st->bindValue('word',$word);
  $st->execute();
  if($st->fetch()){

   return true;
  }
  return false;
}

    now your query has no problem with quoting AND there is no possibility of sql injection.

    Then, an other possibility is to use the count statement, it is strictly equivalent

    public function search_exists($word){
  $word=trim($word);
  $query="SELECT COUNT(*) FROM `search` WHERE `word`=:word";
  echo $query;
  $st=$this->pdo->prepare($query);
  return $st->fetchColumn() > 0;

    }

    About your update

    If you want to get the data :

     public function search_exists($word){
      $word=trim($word);
      $query="SELECT * FROM `search` WHERE `word`=:word";
      echo $query;
      $st=$this->pdo->prepare($query);
      $st->bindValue('word',$word);
      $st->execute();
      $result = $st->fetch(PDO::FETCH_ASSOC);
      if(isset($result['id_result'])){

       return result['id_result'];
      }
      return false;
    }
    • 0