I'm a newbie so my question is maybe a little bit strange. I'm trying to use prepared statements for the following code:

<?php
require_once(__DIR__.'/config.php');


$value = $_POST["value"];
$ort = $_GET["ort"];


$stmt = $pdo->prepare('SELECT * FROM Suchmaschine WHERE firma = :firma AND ort = :ort');
$stmt->execute(array('firma' => $value, 'ort' => $value));

foreach ($stmt as $row) {   
   echo "<a href=".$row['link'].">".$row['firma']."</a><br>";
}
?>

I tried some ways, but it doesn't work.

Mogsdad
  • Please add the code with the prepared statements that you can't get working. – JimL Jan 17 '16 at 09:24
  • You should check http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – J.J. Hakala Jan 17 '16 at 09:26
  • `'ort' => $value` seems wrong – J.J. Hakala Jan 17 '16 at 09:48
  • `'ort' => $ort` would be more likely – Professor Abronsius Jan 17 '16 at 09:49
  • Thanks, but didn't help. Still no output. What can I do? I want to echo link and firma from all lines where column firma=$_POST["value"]; and column ort=$_GET["ort"]; –  Jan 17 '16 at 09:51
  • How can I do this? Please help me. –  Jan 17 '16 at 09:54
  • I would print out the values of `$value` and `$ort` before the prepare-statement to see if they have some sensible values. I would also test the SQL-statement with direct connection to the database. – J.J. Hakala Jan 17 '16 at 10:00
  • Because I'm a newbie (and not English-speaking, too), I don't really know what you mean. Can you try to explain it to me or modify my code as you think? –  Jan 17 '16 at 10:09

2 Answers

1

Firstly, in this line you are missing the : and have a wrong variable name; it should be:

$stmt->execute(array(':firma' => $value, ':ort' => $ort));

Then you are not fetching the results.

$results = $stmt->fetchAll();

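foreach( $results as $row ) {
        // Escape database values and quote the attribute before writing them into HTML
        echo '<a href="'.htmlspecialchars($row['link'], ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row['firma'], ENT_QUOTES, 'UTF-8')."</a><br>";
}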
s27840
  • Thanks, I get this error: Parse error: syntax error, unexpected 'as' (T_AS), expecting ';' in /var/www/username/html/folder/folder2/file.php on line 14 –  Jan 17 '16 at 13:26
  • Thank you, no error now. But still an issue. E.g. there is the word "example" in my table. Search works if I search for "example". But I get no matches if I search for "exam" because not the whole word. Can you help me here too, please?? –  Jan 17 '16 at 13:46
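
An added example, not part of the original thread: the corrected binding and fetch from the answer above, extended to the partial-match search asked about in the last comment, with the user's input still bound as a parameter. It assumes an in-memory SQLite database (pdo_sqlite) with constructed rows in place of the connection from config.php; the helper names likeContains, search and renderRows are made up for this example.

```php
<?php
// Constructed sample data; in-memory SQLite stands in for the $pdo from config.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Suchmaschine (firma TEXT, ort TEXT, link TEXT)');
$insert = $pdo->prepare('INSERT INTO Suchmaschine (firma, ort, link) VALUES (?, ?, ?)');
foreach ([
    ['example', 'Berlin',  'https://example.com/a'],
    ['100%_ok', 'Berlin',  'https://example.com/b'],
    ['example', 'Hamburg', 'https://example.com/c'],
] as $sampleRow) {
    $insert->execute($sampleRow);
}

// Hypothetical helper: turn user input into a "contains" pattern. The LIKE
// wildcards % and _ are escaped with '!' so they match literally.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Hypothetical helper: both values are bound, never concatenated into the SQL.
function search(PDO $pdo, string $firma, string $ort): array
{
    $stmt = $pdo->prepare(
        "SELECT firma, link FROM Suchmaschine
         WHERE firma LIKE :firma ESCAPE '!' AND ort = :ort"
    );
    $stmt->execute([':firma' => likeContains($firma), ':ort' => $ort]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: escape database values before they reach the HTML.
function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<a href="' . htmlspecialchars($row['link'], ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars($row['firma'], ENT_QUOTES, 'UTF-8') . "</a><br>\n";
    }
    return $html;
}

// In the page's script these would be $_POST["value"] and $_GET["ort"].
echo renderRows(search($pdo, 'exam', 'Berlin')); // partial term
echo renderRows(search($pdo, '%', 'Berlin'));    // '%' typed by the user is a literal
```

The '!' escape character is used instead of a backslash because a backslash inside an SQL string literal is itself an escape in some databases.
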
0

The issue is on the following line:

$stmt->execute(array('firma' => $value, 'ort' => $value));

should be changed to:

$stmt->execute(array(':firma' => $value, ':ort' => $ort));

Please note the addition of the colons prepending the strings passed as the keys to the array passed to the execute statement.

See here: http://php.net/manual/en/pdostatement.execute.php