PHP: Can't access class in SQL Statement

Question

I have some problems with a SQL statement.

require_once("Dozent.php");
.
.
.

public function findAll()
    {
        try {
            $stmt = $this->pdo->prepare('
              SELECT * FROM vorlesung WHERE id_dozent = $dozent->id;
            ');
            $stmt->execute();
            $stmt->setFetchMode(PDO::FETCH_CLASS, 'Vorlesung');
            return $stmt->fetchAll();

        } catch (PDOException $e) {
            echo("Fehler! Bitten wenden Sie sich an den Administrator...<br>" . $e->getMessage() . "<br>");
            die();
        }
    }

'id_dozent = $dozent->id' that's not working and I don't know why. When I insert a number like '1' it's working as expected.

Does anybody know what I am doing wrong?

Thanks so much! :-)

Edit1: Full Code:

<?php

require_once("Manager.php");
require_once("Vorlesung.php");

require_once("Dozent.php");
require_once("DozentManager.php");

class VorlesungManager extends Manager
{
    protected $pdo;

    public function __construct($connection = null)
    {
        parent::__construct($connection);
    }

    public function __destruct()
    {
        parent::__destruct();
    }

    public function findAll()
    {
        try {
            $stmt = $this->pdo->prepare('
              SELECT * FROM vorlesung WHERE "id_dozent = $dozent->id";
            ');
            $stmt->execute();
            $stmt->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_PROPS_LATE, 'Vorlesung');
            return $stmt->fetchAll();
        } catch (PDOException $e) {
            echo("Fehler! Bitten wenden Sie sich an den Administrator...<br>" . $e->getMessage() . "<br>");
            die();
        }

    }

http://php.net/manual/en/pdo.error-handling.php - http://php.net/manual/en/function.error-reporting.php — Funk Forty Niner, Apr 02 '16 at 20:44
1) single quotes are *not* interpolated 2) write correct code, [with placeholders](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) (and avoid this 'problem' entirely) — user2864740, Apr 02 '16 at 20:52
$stmt->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_PROPS_LATE, 'Vorlesung'); — cpugourou, Apr 02 '16 at 21:04
@VolkerK `$dozent` is an instance of the class Dozent. They are set in Dozent.php. — Timo Springer, Apr 02 '16 at 21:15

score 0 · Accepted Answer · answered Apr 02 '16 at 21:22

$dozent->id isn't defined inside function findAll()

You have to use an argument:

public function findAll($dozent)

And a more correct way to include that value in the query is something like this:

$stmt = $this->pdo->prepare('SELECT * FROM vorlesung WHERE id_dozent = ?');
$stmt->execute(array($dozent->id));

Or this:

$stmt = $this->pdo->prepare('SELECT * FROM vorlesung WHERE id_dozent = :id');
$stmt->execute(array(':id' => $dozent->id));

Thanks so much @CJ Nimes! It's working now! – Timo Springer Apr 02 '16 at 21:32 — Timo Springer, Apr 02 '16 at 21:32

score -1 · Answer 2 · answered Apr 02 '16 at 20:49

-1

Try with "... {$dozent->id};". With the double quotes and brackets.

answered Apr 02 '16 at 20:49

NathanVss

634
5
16

PHP: Can't access class in SQL Statement

2 Answers2