0

Edit:The problem's been solved.I used PDO's prepared statement to use where by using ? in place of the variable and then later binding it with the variable string.

I have used the below mentioned sql query to join two tables and display there data.Here it is 

SELECT docinfo.fnamedoc,docinfo.lnamedoc,docinfo.department, 
prescriptions.prescription FROM docinfo INNER JOIN prescriptions
ON docinfo.unamedoc=prescriptions.unamed

When i use an additional WHERE alongside this statement than i am it works with an SQL DB software "DB browser for SQLite" when i run the sql code on it but it isnt working with php.Nothing gets displayed when i use where but the code in php works when i dont use where.

The code with WHERE is as follows:

SELECT docinfo.fnamedoc,docinfo.lnamedoc,docinfo.department, 
prescriptions.prescription FROM docinfo INNER JOIN prescriptions
ON docinfo.unamedoc=prescriptions.unamed WHERE prescriptions.unamep=$uname`

The picture of query running successfully in "DB browser for sqlite" and displaying one row is as follows SQL Query in DB Browser for SQLITE

Usman Abdur Rehman
  • 334
  • 1
  • 3
  • 13
  • 2
    Don't know sqlite but probably because `$uname` is a string and needs to be quoted. Should parameterize if the PHP driver offers that (if not you should probably find a different driver). – user3783243 Jan 19 '19 at 18:19
  • 1
    http://php.net/manual/en/sqlite3.prepare.php – Pinke Helga Jan 19 '19 at 18:23
  • https://stackoverflow.com/tags/php/info How do I make my database queries secure from SQL injection? – Pinke Helga Jan 19 '19 at 18:27

1 Answers1

0

The problem's been solved.I used PDO's prepared statement to use where by using ? in place of the variable and then later binding it with the variable string using $db->Bindparam(1,$uname).I still dont know what was causing it but now its solved.

Usman Abdur Rehman
  • 334
  • 1
  • 3
  • 13