Passing an operator as a parameter to odbc_execute()

I am taking my first tentative steps into prepared statements (and falling flat on my face).

Previously, I built the following from $_GET and echoed it back – the code was working fine and it returned what I expected from my simple test database.

SELECT * FROM edit_box WHERE (tag="9") AND (text="mango") ORDER BY time_stamp DESC

SELECT * FROM edit_box WHERE (tag="9") AND (text="mango") ORDER BY time_stamp DESC

​

and when I try to code it using a prepared statement, even if I don’t use $_GET but just hard-code the values from the previous, my code looks like this

$odbc_query = OdbcPrepare('SELECT * FROM edit_box WHERE (tag="?")' .
                          ' AND (text ? "?") ORDER BY time_stamp DESC');
           
$odbcResult = odbc_exec($odbc_query, array('9',  '=', 'mango'));  
var_dump($odbcResult);

$odbc_query = OdbcPrepare('SELECT * FROM edit_box WHERE (tag="?")' .

                          ' AND (text ? "?") ORDER BY time_stamp DESC');

$odbcResult = odbc_exec($odbc_query, array('9',  '=', 'mango'));  

var_dump($odbcResult);

​

I get NULL.

Obviously a beginner mistake, but I stare at it and still don’t say d’oh!

What am I doing wrong?

Answer

You cannot do this —

AND (text ? “?”)

Parameters, like this, can usually only be passed for actual values – and in some cases identifiers…

To do what you want you need to interpolate the ‘=’ inline into the SQL statement…

Kind of, like this —

$logical_operator = '=';

$sql = SELECT * FROM edit_box WHERE (tag="?") AND (text $logical_operator "?") ORDER BY time_stamp DESC');

$odbc_query = OdbcPrepare($sql);

$odbcResult = odbc_exec($odbc_query, array('9', 'mango'));  

$logical_operator = '=';

​

$sql = SELECT * FROM edit_box WHERE (tag="?") AND (text $logical_operator "?") ORDER BY time_stamp DESC');

​

$odbc_query = OdbcPrepare($sql);

​

$odbcResult = odbc_exec($odbc_query, array('9', 'mango'));  

​