
$sql = "SELECT post_title, post_body, post_author FROM forum_post WHERE post_id='".$pid."' forum_id='".$id."' AND post_type='o'";
if($topicPost = $mysql->prepare($sql)) {
    $topicPost->bind_param('ss',$pid,$id);
    $topicPost->bind_result($post_title, $post_body, $post_author);
    $topicPost->execute();
    $topicPost->store_result();
} else {
    echo "ErrorinSQLLL, ".$mysql->error;
    exit();
}

So there is my SQL query statement.

I get this printed on my page :

ErrorinSQLLL, You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'forum_id='1'' at line 1

If needed I can post more of my code.

3  
You are missing an AND here: "post_id='$pid' AND forum_id='$id'" –  jarlh Feb 11 at 10:40
1  
WHERE post_id='$pid' forum_id='$id' and then trying to bind $pid and $id as well... but there are no placeholders in the SQL to bind them against... looks as though you have a fundamental misunderstanding of bind variables that makes your SQL unsafe... your SQL should be WHERE post_id=? AND forum_id=? –  Mark Baker Feb 11 at 10:43

3 Answers

up vote 3 down vote accepted

You are missing AND in your query, here post_id='$pid' forum_id='$id'.

1  
Oh my..... Thank you. –  Kevin aka Kebbona Feb 11 at 10:41

You missed one AND, after post_id key:

"SELECT 
  post_title, 
  post_body,
  post_author 
FROM 
  forum_post
WHERE 
  post_id = " . $pid . " 
 AND 
  forum_id= " . $id . " 
 AND 
  post_type = 'o'";

Missing AND in the WHERE condition:

... WHERE post_id = " . (int)$pid . " AND forum_id = " . (int)$id . " ...

IDs are numbers, so without quotes.

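The placeholder form that Mark Baker's comment describes (`WHERE post_id=? AND forum_id=?`), written out in full as an added example; it is not code from the question or from any of the answers. It assumes an open mysqli connection in `$mysql` and the variables `$pid` and `$id` from the question, and that both ids are integers; the function name `fetchTopicPost` is hypothetical.

```php
<?php
// Added example. Assumes $mysql is an open mysqli connection and $pid / $id
// are set, as in the question, and that post_id / forum_id are integer
// columns. fetchTopicPost() is a hypothetical helper name.

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function fetchTopicPost(mysqli $mysql, $pid, $id): ?array
{
    // Reject non-integer input before it reaches the database.
    $pid = filter_var($pid, FILTER_VALIDATE_INT);
    $id  = filter_var($id, FILTER_VALIDATE_INT);
    if ($pid === false || $id === false) {
        return null;
    }

    // No variable is concatenated into the SQL text: each value is a "?"
    // placeholder, and the conditions are joined with AND.
    $sql = "SELECT post_title, post_body, post_author
            FROM forum_post
            WHERE post_id = ? AND forum_id = ? AND post_type = 'o'";

    $stmt = $mysql->prepare($sql);
    // One type character per placeholder, in order: 'ii' = two integers.
    $stmt->bind_param('ii', $pid, $id);
    $stmt->execute();
    $stmt->bind_result($title, $body, $author);

    // fetch() returns true for a row and null when no row matched.
    $row = $stmt->fetch()
        ? ['title' => $title, 'body' => $body, 'author' => $author]
        : null;
    $stmt->close();
    return $row;
}

try {
    $post = fetchTopicPost($mysql, $pid, $id);
    echo $post === null
        ? 'Post not found'
        : htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8');
} catch (mysqli_sql_exception $e) {
    // Log the driver message server-side rather than echoing it to the page.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```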
