views:

40

answers:

1

Hi, I'm trying to perform a simple SELECT statement from a string taken from a $_REQUEST var but it seem my PDO statement doesn't like the string format, why?

My $_REQUEST var contains a string like Hello+World, so I need to replace + with whitespaces to do my SELECT statement correctly.

// the data returned is Hello+World
$phrase = str_replace ("+", " ", $_REQUEST["my_data"]);

$phrase_select = $connection->prepare ("SELECT data_field FROM my_table WHERE phrase = ':phrase'");
$phrase_select->bindParam (":phrase", $phrase, PDO::PARAM_STR);
$phrase_select->execute ();
$data_field = $phrase_select->fetchColumn (); // return nothing

If I make a SELECT manually with a string "Hello+World", it works without problems, but if I do it with $_REQUEST["my_data"] it won't work, where I'm wrong?
If I print $_REQUEST["my_data"] it return exactly Hello+World

+2  A: 

you don't have to add the '..' around your bound param, pdo will do that for you

tDo
thank you! I'll need more practice to understand clearly PDO class
Vittorio Vittori