
I am trying to transfer a search engine I wrote over to an OOP architecture.

Relevant code from the database connection class (sqlconnect1):

    /**
     * Prepare an SQL statement and keep it as the current statement.
     *
     * The SQL text should carry only placeholders (for example :name); values
     * are attached afterwards through bind(), so user input never has to be
     * concatenated into $query.
     *
     * @param string $query SQL text handed to prepare() on $this->dbh
     *                      (presumably a PDO handle; it is set up outside this excerpt).
     */
    public function query($query)
    {
        $prepared = $this->dbh->prepare($query);
        $this->stmt = $prepared;
    }

    /**
     * Attach a value to a placeholder of the current prepared statement.
     *
     * When $type is omitted, the PDO parameter type is derived from the PHP
     * type of $value: int, bool and null map to their PDO::PARAM_* counterparts
     * and anything else is bound as a string. The value is sent as a bound
     * parameter, so it is not parsed as part of the SQL text.
     *
     * @param mixed    $param Placeholder identifier, passed straight to bindValue().
     * @param mixed    $value Value to bind.
     * @param int|null $type  Explicit PDO::PARAM_* constant, or null to auto-detect.
     */
    public function bind($param, $value, $type = null)
    {
        if ($type === null) {
            if (is_int($value)) {
                $type = PDO::PARAM_INT;
            } elseif (is_bool($value)) {
                $type = PDO::PARAM_BOOL;
            } elseif ($value === null) {
                $type = PDO::PARAM_NULL;
            } else {
                $type = PDO::PARAM_STR;
            }
        }

        // The result of bindValue() is not handed back to the caller.
        $this->stmt->bindValue($param, $value, $type);
    }
    /**
     * Run the current prepared statement.
     *
     * The PDO error mode is configured outside this excerpt. If it is the
     * silent mode, a failed statement is only visible as a false return value
     * here, so callers should check it rather than discard it.
     *
     * @return bool The result reported by the statement's execute() call.
     */
    public function execute()
    {
        $succeeded = $this->stmt->execute();

        return $succeeded;
    }

    /**
     * Fetch the next row of the current statement as an associative array.
     *
     * The statement is not executed here (the call is commented out), so
     * execute() has to be called before this method. Only one row is fetched
     * per call.
     *
     * @return mixed The row keyed by column name, or false when no row is available.
     */
    public function resultset()
    {
        // Left disabled, as in the original: $this->execute();
        $row = $this->stmt->fetch(PDO::FETCH_ASSOC);

        return $row;
    }

}

Relevant Search engine code:

/**
 * Builds and runs the city search when the "search" GET parameter is present.
 *
 * NOTE(review): the closing brace of this method is not part of the excerpt.
 */
protected function __construct(){
    //Make SQL Connection. Then Form Query
    if(isset($_GET['search'])){
        $sqlconnect1 = new sqlconnect1;
        // NOTE(review): :get_city sits inside single quotes in the SQL text, so the
        // database sees the string literal ':get_city' rather than a placeholder.
        // The pattern also carries no % wildcards.
        $sqlconnect1->query("SELECT * FROM data1 WHERE address_city LIKE ':get_city'");
        //Bind User Input to Prepared Statement
        // NOTE(review): every second argument below is a single-quoted PHP string,
        // so the literal text (e.g. $get_city) is bound, not a variable's contents.
        // No $get_* variable is defined in this excerpt; the Controller stores the
        // input on $this->get_* -- confirm how it is meant to reach this class.
        // Only :get_city is named in the query above; the other five names do not
        // appear in the statement.
        $sqlconnect1->bind(':get_city', '$get_city');
        $sqlconnect1->bind(':get_state', '$get_state');
        $sqlconnect1->bind(':get_zip', '$get_zip');
        $sqlconnect1->bind(':get_country', '$get_country');
        $sqlconnect1->bind(':get_category1', '$get_category1');
        $sqlconnect1->bind(':get_name', '$get_name');

        //Execute Query
        // NOTE(review): the boolean returned by execute() is discarded and no rows
        // are fetched here, so a failed statement produces no visible output.
        $sqlconnect1->execute();
    }

Controller:

/**
 * Reads the search form fields from the query string and stops the request
 * when a required field (state, city, category1) is empty.
 *
 * FILTER_SANITIZE_STRING strips tags and encodes quotes; it is deprecated as
 * of PHP 8.1 and is not what protects the SQL query -- that is the job of the
 * bound parameters in the database layer.
 */
protected function __construct()
{
    //Capture User Input
    if (isset($_GET['search'])) {
        // Property name => query-string key, in the order the fields are read.
        $fields = [
            'get_city' => 'query_city',
            'get_state' => 'query_state',
            'get_zip' => 'query_zip',
            'get_country' => 'query_country',
            'get_category1' => 'query_category1',
            'get_name' => 'query_name',
        ];
        foreach ($fields as $property => $key) {
            $this->{$property} = filter_var($_GET[$key], FILTER_SANITIZE_STRING);
        }

        // Debug output of request-supplied values. Anything written into the page
        // should be escaped for the HTML context (htmlspecialchars) rather than
        // relying on the input filter alone.
        echo $this->get_city, $this->get_state, $this->get_category1;
    }

    //Validate Data
    // When "search" is absent nothing was assigned above, so this check runs
    // against whatever the properties already hold.
    $missingRequired = $this->get_state == ''
        || $this->get_city == ''
        || $this->get_category1 == '';
    if ($missingRequired) {
        echo "<center><b>Please, fill in the required fields.</b></center>";
        exit();
    }
}

Nothing happens when I make a search. If I replace the :get_city with an actual city everything works fine.


1 Answer


Your problem is here:

    // NOTE(review): a second problem is visible on the next line -- the placeholder
    // is wrapped in single quotes inside the SQL, so it is a string literal there,
    // not a parameter; the unquoted form is LIKE :get_city.
    $sqlconnect1->query("SELECT * FROM data1 WHERE address_city LIKE ':get_city'");
    //Bind User Input to Prepared Statement
    $sqlconnect1->bind(':get_city', '$get_city');  // <-- your problem

You're actually binding the literal string $get_city, not the variable's contents, because PHP does not interpolate variables inside single-quoted strings.

Remove the apostrophes or replace them with double quotes, and it should work.

Related: What is the difference between single-quoted and double-quoted strings in PHP?

  • I'm still getting the same result. If I echo $get_city, it returns the correct input. – Arthur Walker Jun 24 '16 at 01:13
  • What did you change? – Phiter Jun 24 '16 at 01:21
  • I tried a number of things. First, I just put quotes around $get_city. Then, I replaced the quotes around the query with apostrophes and put quotes around :get_city there. Then I just put quotes around everything. I also tried about 10 other combinations of quotes and apostrophes for good measure. – Arthur Walker Jun 24 '16 at 02:02