Click here to Skip to main content
14,732,665 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi Everone, my PDO script not retrieving any result neither showing any errors.

Please can someone guide me as to what the mistake I am doing here?

My DB Connection file, no errors at all?

<?php


	$db_host = "localhost";
	
	$db_name = "Office_E";
	$db_user = "root";
	$db_pass = "";
	
	try{
		
		$con = new PDO("mysql:host={$db_host};dbname={$db_name}",$db_user,$db_pass);
		$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	}
	catch(PDOException $e){
		echo $e->getMessage();
	}


?>


What I have tried:

<pre>?php
include 'config.php';

## Read value
$draw = $_POST['draw'];
$row = $_POST['start'];
$rowperpage = $_POST['length']; // Rows display per page
$columnIndex = $_POST['order'][0]['column']; // Column index
$columnName = $_POST['columns'][$columnIndex]['data']; // Column name
$columnSortOrder = $_POST['order'][0]['dir']; // asc or desc
$searchValue = $_POST['search']['value']; // Search value

## Search 
$searchQuery = " ";
if($searchValue != ''){
	$searchQuery = " and (emp_no like '%".$searchValue."%' or 
        first_name like '%".$searchValue."%' or 
        last_name like'%".$searchValue."%' ) ";
}

## Total number of records without filtering - PDO style
// Count Total Records in the table
$totalRecords = $con->query("SELECT count(*) from employees")->fetchColumn();

## Total number of records with filtering - PDO Style
$totalRecordwithFilter = $con->query("SELECT count(*) from employees WHERE 1 ".$searchQuery)->fetchColumn();

## Fetch records - PDO style
$data = array();
// bind values..
$stmt = $con->prepare("select * from employees WHERE 1 ".$searchQuery." order by ".$columnName." ".$columnSortOrder." limit ".$row.",".$rowperpage;);
//$stmt->bindParam(1, $start,PDO::PARAM_INT);
//$stmt->bindParam(2, $end,PDO::PARAM_INT);
$stmt->execute();
$data1 = $stmt->fetchAll();

if ($stmt->fetchcolumn() > 0)
{
     
        foreach ($data1 as $row) {
        $data[] = array (
			"emp_no"=>$row['emp_name'],
    		"first_name"=>$row['first_name'],
    		"last_name"=>$row['last_name'],
    		"gender"=>$row['gender'],
    		"hire_date"=>$row['hire_date']
    	);
}
    unset($data1);
    
}
Posted
Updated 27-Dec-18 2:25am
v2

issue resolved by changing - using developer tools and changing the value as follows:

"emp_no"=>$row['emp_name'],

to
"emp_no"=>$row['emp_no'],


Any suggestions in improving the above code would be grateful.
   
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
   
Comments
Member 14093672 27-Dec-18 8:23am
   
It would be nice, if you share your knowledge and ammend the above queries, as this would be quite helpful for the other viewers aswell.

would you please?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900