-1
try {
$conn = new PDO('mysql:host=localhost;dbname=dbtable', $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data = $conn->prepare('SELECT * FROM table WHERE name = ' . $conn->quote($name).' AND id = '. $conn->quote($id));
$data->execute();

while($row = $data->fetch(PDO::FETCH_ASSOC)) {
    echo "ID : ".$row['id'].'</br>';
    echo "Name : ".$row['name'].'</br>';
    echo "Name : ".$row['header'].'</br>';
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}

The above works for one parameter (name) but when i use AND operator it shows no results. URL is as given below.

http://www.mywebsite.com/page.php?id=2&name=xyz
Abdul Haseeb
  • 833
  • 9
  • 20
  • Are you sure that you have records with requested `name` and `id` fields in table? – zavg Sep 18 '14 at 20:06
  • http://stackoverflow.com/questions/9250434/pdo-quote-method! – loveNoHate Sep 18 '14 at 20:08
  • @Hasi, it's good that you're using `PDO::prepare`, but you're not using it correctly. Parameters must be set separately, that's the whole point of prepared statements. See examples: http://php.net/manual/en/pdo.prepare.php – lxg Sep 18 '14 at 20:09
  • Yes.I tried by using with any one of one vaiable (name or id) at a time, it works well. – Abdul Haseeb Sep 18 '14 at 20:10
  • Perhaps you never have `name` and `id` in one row, or with the figures you try? – loveNoHate Sep 18 '14 at 20:13
  • I tried simple MySQL code(without using PDO) still i couldn't get the results for multiple parameters :( – Abdul Haseeb Sep 18 '14 at 20:44

2 Answers2

2

As mentioned in the documentation, you're strongly advised to use parametrized queries, like so:

$data = $conn->prepare('SELECT * FROM table WHERE name = :name AND id = :id');
$data->bindParam(":name", $name);
$data->bindParam(":id", $id);

If this still does not work, I would suggest running a similar query directly against your database, through either phpMyAdmin or the MySQL Workbench, to verify that the query actually returns anything.

Tieson T.
  • 20,774
  • 6
  • 77
  • 92
0
$data = $conn->prepare("SELECT * FROM table WHERE name = '$name' AND id <> '$id' ");

The above code worked for me.

Abdul Haseeb
  • 833
  • 9
  • 20