Pdo UPDATE does not work

Asked

Viewed 870 times

0

I’m trying to send some values to SQL, but PDO does not work as it should, or I’m forgetting something, I’m new to using PDO.

Example of functional code.

    $conn = new PDO('mysql:dbname=config_database;host=127.0.0.1', 'root', '');
    $statement = $conn->prepare("UPDATE stream_table SET src='Funcional' WHERE start = '60'");
    $statement->execute();

Example of non-functional code.(I tried several other possibilities unsuccessfully) (Returns no error, just does nothing)

    $conn = new PDO('mysql:dbname=config_database;host=127.0.0.1', 'root', '');
    //$value = $_POST['value'];              //A ideia real é pegar via POST
    $value = 'C:\sample.code';               //Simplificando o test
    $statement = $conn->prepare("UPDATE stream_table SET src='?' WHERE start = '60'");
    $statement->bindValue(":value", $value); //Testei com bindParam e bindValue
    $statement->execute();

I do not know if it is due to the apostrophe or something else, I followed several examples contained in the internet and it doesn’t even work, it is malignant.

How can I run this command functionally?

Maybe this post here from the OS-pt will help.

@Edit

Error note: I cannot use placeholders for table or column names.

php sql pdo
  • 1

    Not related to the question, but I particularly likemysqli_ more than PDO. They are similar, but it seems to me more natural mysqli_. As for the apostrophes, note that they should not be used in placeholders of the parameters ( ? ), as exemplified in the @Lost reply.

  • I also findmysqli_ easier and easier to use, but with a little time using PDO, I started to like how it is written and everything. It gives me confidence to use PDO, besides the compatibility with several drivers, I see only advantage, even if it is more complicated. Anyway, I think that each one should use what suits them best and is more comfortable. @Bacco (PS.: I’m sorry for the silly questions, always at the beginning when we are noobs we have these doubts.)

  • 1

    in fact, both have their advantages. If it seemed like criticism, it was not the intention, I only commented as personal preference even. As for what he asked, Perdeu put the two important points: the use of the names x numbers, and the quotation marks, which affected his code.

1 answer

4


When to use ? bindValue puts the order of the argument and variable:

$statement = $conn->prepare("UPDATE stream_table SET src = ? WHERE start = ? ");
$statement->bindValue(1, $value);
$statement->bindValue(2, $id);

With the markings (:nome) the order doesn’t matter

$statement = $conn->prepare("UPDATE stream_table SET src = :value WHERE start = :id ");
$statement->bindValue(':id', $id);
$statement->bindValue(':value', $value);

To display the error add the optional argument in the constructor besides PDO::ERRMODE_EXCEPTION other forms to deal with the error.

$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$conn = new PDO('mysql:dbname=config_database;host=127.0.0.1', 'root', '', $options);

try {
   //....
   $statement->execute();
} catch(Exception $e) {
   echo $e->getMessage();
}

  • Yeah, it’s working, my thanks for dedicating your time. Maybe because I’m inside Try, I don’t know, I’ll at least try to figure out where I went wrong so it doesn’t happen again.

  • 1

    Looking at the link of the other issue, table and column names cannot be replaced by ? or :marcação. Using Prepared statements avoids sql Injection not to quote values only indicate markup.

  • O I can’t use placeholders for table or column names, so everything is right :name prevented operation, solution, used switch to check the incoming data and set the :name manually preventing a probable sql attack, sql became SET $bypassname=:value. (PS: using src as you put it was not feasible because the data is dynamic)

Browser other questions tagged php sql pdo

You are not signed in. Login or sign up in order to post.