Some questions about PDO, safety and correct syntax
PDO and mysqli are both safe methods which you can use.
The link you have attached - http://thisinterestsme.com/php-user-registration-form/
is great! It shows you how to make an easy query:
$sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
$stmt = $pdo->prepare($sql);
//Bind the provided username to our prepared statement.
$stmt->bindValue(':username', $username);
//Execute.
$stmt->execute();
//Fetch the row.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
And the password hash is great if you have PHP version 5.5+.
In addition, you can also review the website http://www.phptherightway.com
You will find very interesting documentation there on how to write secure code.
Good luck and be awesome! :)
What is the correct PDO syntax
Prepared statements are useful because they separate the query and the parameters. Concatenation is now something to forget.
$query = $db->prepare("SELECT companyname, axiscategory
FROM axispl WHERE companyname
LIKE :searchterm LIMIT 11");
$query->bindValue('searchterm',$searchterm.'%');
$query->execute();
//then to fetch the results
$query->fetch(PDO::FETCH_ASSOC);
Here I used named parameters as they are more readable, but you can also use indexed parameters like this:
$query = $db->prepare("SELECT companyname, axiscategory
FROM axispl WHERE companyname
LIKE ? LIMIT 11");
$query->bindValue(1,$searchterm.'%');
$query->execute();
PDO prepare with question marks doesn't work with numbers
PDO::execute escapes all params as STRING.
$pdo = new PDO('mysql:host=localhost;dbname=mydb', 'user', 'pass');
$max = 10;
$min = 0;
$q = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';
$stmt = $pdo->prepare('SELECT * FROM fruits WHERE name LIKE ? LIMIT ?, ?');
$stmt->bindValue(1, "%{$q}%", PDO::PARAM_STR);
$stmt->bindValue(2, $min , PDO::PARAM_INT);
$stmt->bindValue(3, $max , PDO::PARAM_INT);
$stmt->execute();
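An added example, not part of the original answers: binding a LIKE term keeps it out of the SQL text, but `%` and `_` inside user input still act as wildcards, so this sketch escapes them before binding and binds the LIMIT values as integers. It goes slightly beyond the answers above. The in-memory SQLite database, the sample rows, the `!` escape character and the helper names `escapeLike` and `searchFruits` are assumptions made for the illustration.

```php
<?php
// In-memory SQLite stands in for the MySQL database (assumption), so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows for the `fruits` table used in the answer above.
$pdo->exec('CREATE TABLE fruits (name TEXT)');
$insert = $pdo->prepare('INSERT INTO fruits (name) VALUES (?)');
foreach (['apple', 'pineapple', '100% juice', 'a_b', 'axb'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: escape LIKE metacharacters so user input matches literally.
// The escape character itself is replaced first, then the two wildcards.
function escapeLike(string $term, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
}

// Hypothetical helper: substring search with literal matching and a bound page window.
function searchFruits(PDO $pdo, string $term, int $offset, int $limit): array
{
    // ESCAPE '!' names the escape character explicitly, which works the same
    // way in MySQL and SQLite.
    $stmt = $pdo->prepare(
        "SELECT name FROM fruits WHERE name LIKE ? ESCAPE '!' ORDER BY name LIMIT ?, ?"
    );
    $stmt->bindValue(1, '%' . escapeLike($term) . '%', PDO::PARAM_STR);
    // PARAM_INT keeps the LIMIT values numeric instead of quoted strings.
    $stmt->bindValue(2, $offset, PDO::PARAM_INT);
    $stmt->bindValue(3, $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A bare "%" now matches only the row that contains a percent sign,
// and "a_b" no longer matches "axb".
print_r(searchFruits($pdo, '%', 0, 10));
print_r(searchFruits($pdo, 'a_b', 0, 10));
print_r(searchFruits($pdo, 'apple', 0, 1));
```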
PDO fetch issue from two table
You can use a JOIN
SELECT
table1.OrderID,
table2.username
...
FROM
table1
INNER JOIN
table2
ON table1.orderUser = table2.username
PHP PDO Prepare & Execute Statement
The parameters you're passing in via the array are incorrect. You need to prefix them with : as well:
$array = array(
    ":pageTitle" => $_POST["pageTitle"], // the leading ":" is required
    // ... remaining parameters, each with the ":" prefix
);