The first query work when I remove the placeholder :p and replace with ? and at the $stmt->execute(array(':s' => $s)); replace with $stmt->execute([$s]); while the code after if(!empty($search) { is not working, look below
$mydb = new Mydb;
//a possessed id
$s = 1;
$q = 'SELECT name, street FROM mydata WHERE possessed_id = :p ';
$search = $_POST["search"]["value"];
if(!empty($search) {
$q .= 'AND (name LIKE :n OR street LIKE :s)';
}
$stmt = $mydb -> prepare($q);
$stmt->bindValue(':n', '%'.$search.'%', PDO::PARAM_STR);
$stmt->bindValue(':s', '%'.$search.'%', PDO::PARAM_STR);
$stmt->execute(array(':s' => $s));
the goal is to display all data in a table and allow search
Advertisement
Answer
When $search is empty, you have the parameter :p in your query but you try to bind the :n & :s parameters.
When $search is not empty, you have the 3 parameters (:p, :n & :s) but you still don’t bind :p.
In any case you have a different number of declared and bound parameters.
You should take care of :p and only bind the other parameters when they exist in the query:
$q = 'SELECT name, street FROM mydata WHERE possessed_id = :p ';
$search = $_POST["search"]["value"];
// Default parameters
$parameters = [
'p' => $s
];
// Add ":n" & ":s"
if('' !== $search) {
$q .= 'AND (name LIKE :n OR street LIKE :s)';
$parameters['n'] = '%' . $search . '%';
$parameters['s'] = '%' . $search . '%';
}
$stmt = $mydb->prepare($q);
// Send the parameters
$stmt->execute($parameters);
I assumed a corrected version of your parameters and their value and used only 1 way to bind the parameters to the query with an array during the execute() call.
I also removed the
empty()call (here‘s why).