I have a problem with bindings. I want to insert a name or surname in the label Pisatelj as a keyword to search for this author, and I want to do the same when I insert a keyword for Naslov (= title of book). Please correct my code. I have this code in PHP with Postgres:
function get_knjige_sql ( )
{
    global $CRUD;
    $dbh = $CRUD['dbh'];
    $str_query = '';
    if(isset($_POST['Knaslov'])){
        $str_query = addslashes($_POST['Knaslov']);
    }
    if(isset($_POST['Ppriimek'])){
        $str_query = addslashes($_POST['Ppriimek']);
    }
    $query = " SELECT * FROM knjiga, pisatelj, zaloga WHERE (knjiga.naslov ILIKE '?' OR CONCAT(pisatelj.ime, ' ', pisatelj.priimek) ILIKE '?' ) AND knjiga.p_id = pisatelj.p_id AND knjiga.k_id = zaloga.k_id AND zaloga.prodana = false ";
    if($sth)
        $sth->bindValue(':Knaslov', $Knaslov, PDO::PARAM_STR);
    $sth->bindValue(':Ppriimek', $Ppriimek, PDO::PARAM_STR);
    if($sth)
        $sth->execute();
    else error('get_knjige_sql: select prepare returned no statement handle');
    $err = $sth->errorInfo();
    if($err[0] != 0) error( $err[2] );
    return($sth);
}
main.php:
<!-- main html file for CRUD (php version) -->
<?php echo $CRUD["MESSAGES"] ?><?php echo $CRUD["ERRORS"] ?>
<div class="form">
<form action="<?php echo $CRUD["SELF"] ?>" method="post" name="knjiga">
<p class="subheading"><?php echo $CRUD["FORM_HEAD"] ?></p>
<table class="form">
<tr>
<td><p class="Afield"> Naslov:</p></td>
<td><input class="Afield" type="text" name="Knaslov" value="<?php echo $CRUD["Knaslov"] ?>"> </td>
</tr>
<tr>
<td><p class="Afield"> Isbn:</p></td>
<td><input class="Afield" type="text" name="kisbn" value="<?php echo $CRUD["Kisbn"] ?>"> </td>
</tr>
<tr>
<td><p class="Afield"> Cena:</p></td>
<td><input class="Afield" type="text" name="Kcena" value="<?php echo $CRUD["Kcena"] ?>"> </td>
</tr>
<tr>
<td><p class="Afield"> Pisatelj:</p></td>
<td><input class="Afield" type="text" name="Ppriimek" value="<?php echo $CRUD["Pime"] ?><?php echo $CRUD["Ppriimek"] ?>"> </td>
</tr>
<tr class="buttons"><td colspan="2">
<p class="buttons">
<?php echo $CRUD["BUTTONS"] ?><?php echo $CRUD["HIDDENS"] ?>
</p>
</td></tr>
</table>
</form>
</div>
<?php echo $CRUD["PRECONTENT"] ?><?php echo $CRUD["CONTENT"] ?><?php echo $CRUD["POSTCONTENT"] ?>
code here but it doesn't work, so I post to pastebin.com – user564456 Dec 14 '13 at 19:27

$sth? That isn't in scope in this function. Did you mean $dbh? Looks like you are trying to use PDO. You never called $dbh->prepare() before binding values and executing. Finally, you should not quote the ? placeholders as '?' in the prepared statement. Since you bound named parameters, those should appear in your prepared statement instead of ?, as in knjiga.naslov ILIKE :knaslov – Michael Berkowski Dec 14 '13 at 19:32

addslashes(). That is not needed when binding parameters (and is the wrong way to escape, even when not using prepared statements) – Michael Berkowski Dec 14 '13 at 19:38
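Putting the comments together, here is the search function written with a prepare() call, unquoted named placeholders and no addslashes(). This is an added example, not the asker's code or an answer from the thread; it assumes $CRUD['dbh'] is a PDO connection to Postgres, that error() is the question's own helper, and that the keyword should match as a substring (the % wildcards and the escape_like() helper are my additions).

```php
<?php
// Added example (not the asker's code): the search function rewritten
// with PDO named parameters, as the comments above suggest.
// Assumptions: $CRUD['dbh'] is a PDO handle for Postgres and error()
// is the question's own error helper.
function get_knjige_sql()
{
    global $CRUD;
    $dbh = $CRUD['dbh'];

    // Same precedence as the original: the author field wins if both
    // are filled. No addslashes(): binding does the escaping.
    $keyword = '';
    if (isset($_POST['Knaslov']) && is_string($_POST['Knaslov'])) {
        $keyword = trim($_POST['Knaslov']);
    }
    if (isset($_POST['Ppriimek']) && is_string($_POST['Ppriimek']) && $_POST['Ppriimek'] !== '') {
        $keyword = trim($_POST['Ppriimek']);
    }

    // Named placeholders go in the SQL text unquoted. PDO sends the
    // values separately, so nothing the user types becomes SQL.
    // PDO_PGSQL does not allow reusing one name, hence two placeholders.
    $query = "SELECT * FROM knjiga, pisatelj, zaloga
              WHERE (knjiga.naslov ILIKE :knaslov
                     OR CONCAT(pisatelj.ime, ' ', pisatelj.priimek) ILIKE :ppriimek)
                AND knjiga.p_id = pisatelj.p_id
                AND knjiga.k_id = zaloga.k_id
                AND zaloga.prodana = false";

    $sth = $dbh->prepare($query);
    if (!$sth) {
        error('get_knjige_sql: select prepare returned no statement handle');
        return null;
    }

    // Wildcards are added by the code, not typed by the user; escaping
    // % and _ keeps a typed "%" from silently matching every row.
    $pattern = '%' . escape_like($keyword) . '%';
    $sth->bindValue(':knaslov', $pattern, PDO::PARAM_STR);
    $sth->bindValue(':ppriimek', $pattern, PDO::PARAM_STR);

    if (!$sth->execute()) {
        $err = $sth->errorInfo();
        error($err[2]);
    }
    return $sth;
}

// Escape LIKE/ILIKE metacharacters; Postgres' default escape char is '\'.
function escape_like($s)
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $s);
}
```

An empty keyword yields the pattern '%%', which lists every unsold book; return early before prepare() if that is not wanted.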