
Is it possible in PDO to have a query with an operator like + - * or / ?

The solution is to put spaces between the ? and the operators. This will not work:

    $table01.Amount - ?*?

This works:

    $table01.Amount - ? * ?

The query

    UPDATE account SET account.Amount = account.Amount - 1000000*0.03 WHERE account.Id = 23;

throws an error, but putting this query into the database clients gives me no error.

    // $table01 is interpolated into the SQL text; the three values are bound as positional parameters.
    $sqlAccountUpdate = "UPDATE $table01
                    SET
                    $table01.Amount = $table01.Amount - ?*?
                    WHERE
                    $table01.Id = ?;";
    try
    {
        $stmtAccountUpdate = $pdo->prepare($sqlAccountUpdate);
        $stmtAccountUpdate->execute([$_POST['new_account_initial_deposit'], $deposit_fee, $accountid]);
    }
    catch (Exception $e)
    {
        echo 'Exception -> ';
        var_dump($e->getMessage());
    }

The error I get is caused by this; this is the line that gives the error:

    $table01.Amount - ?*?

I know I can work around it by calculating the values before the prepared statement and using 1 variable instead of doing the calculation in the prepared statement.

This works:

    // The fee is computed in PHP first, so only one value is bound in the SET clause.
    $initialFee = $_POST['new_account_initial_deposit'] * $deposit_fee;
    $sqlAccountUpdate = "UPDATE $table01
                    SET
                    $table01.Amount = $table01.Amount - ?
                    WHERE
                    $table01.Id = ?;";
    try
    {
        $stmtAccountUpdate = $pdo->prepare($sqlAccountUpdate);
        $stmtAccountUpdate->execute([$initialFee, $accountid]);
    }
    catch (Exception $e)
    {
        echo 'Exception -> ';
        var_dump($e->getMessage());
    }

anatak
  • What **exactly** is this error you speak of? Also, to answer your later question ~ https://stackoverflow.com/questions/182287/can-php-pdo-statements-accept-the-table-or-column-name-as-parameter – Phil Jun 06 '17 at 00:51
  • Using variables in a query isn't a problem as long as you know where the data in the variable comes from - ie, a variable you have declared yourself in the script. As long as it is not user-input being used, that's not a problem. – junkfoodjunkie Jun 06 '17 at 00:51
  • You can't bind tables. – chris85 Jun 06 '17 at 00:57
  • Can you remove the duplicate on this question? My question is about using operators in a prepared statement. The part about the table names was secondary. – anatak Jun 06 '17 at 01:31
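
An added example, not part of the original question or its comments, that combines the points raised in this thread: values are bound around the operator in the spaced `? * ?` form, and the table name, which cannot be bound, is checked against an allowlist before it is interpolated. The in-memory SQLite database, the `ALLOWED_TABLES` list, the `applyDepositFee` function and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: identifiers cannot be bound, so only these names may be interpolated.
const ALLOWED_TABLES = ['account'];

function applyDepositFee(PDO $pdo, string $table, string $deposit, float $feeRate, int $accountId): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Table not allowed: $table");
    }
    // Reject non-numeric or negative request input before it reaches the query.
    if (!is_numeric($deposit) || (float)$deposit < 0) {
        throw new InvalidArgumentException('Deposit must be a non-negative number');
    }
    // Operands are bound; the operators stay in the SQL text, spaced as in the question's working form.
    $sql = "UPDATE $table SET Amount = Amount - ? * ? WHERE Id = ?";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([(float)$deposit, $feeRate, $accountId]);
    return $stmt->rowCount(); // number of rows updated
}

// Constructed sample data in an in-memory SQLite database (assumption, so the example runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors as exceptions
$pdo->exec('CREATE TABLE account (Id INTEGER PRIMARY KEY, Amount REAL)');
$pdo->exec('INSERT INTO account (Id, Amount) VALUES (23, 5000000)');

$_POST['new_account_initial_deposit'] = '1000000'; // constructed request value
$updated = applyDepositFee($pdo, 'account', $_POST['new_account_initial_deposit'], 0.03, 23);
echo "Rows updated: $updated", PHP_EOL;
echo 'New amount: ', $pdo->query('SELECT Amount FROM account WHERE Id = 23')->fetchColumn(), PHP_EOL;

// A table name outside the allowlist is rejected before any SQL is built.
try {
    applyDepositFee($pdo, 'account_backup', '1', 0.03, 23);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```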

0 Answers