Hello, I have a stored procedure that takes an IN parameter. I would like to retrieve specific data in my array based on a string. I'm trying to understand how it works and I can't get the value of the parameter.

Thanks for your help in advance.

PS: I specify that I use a PDO connection

What I have tried:

Here is where the call is made:

PHP
$value = 'France';
$request = $bdd->query("CALL select_customer($value)");

while ($data = $request->fetch()) {
	echo $data['cust_name'].'<br/>';
}
Posted
Updated 19-Oct-21 22:02pm

I found my error:

PHP
$request = $bdd->query("CALL select_customer('$value')");


I forgot to add single quotes around the $value. And it works.
   
Comments
Richard Deeming 20-Oct-21 11:28am
   
Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual
PHP: Prepared statements and stored procedures - Manual
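
A parameterized form of the call discussed in this thread, as an added example that is not part of the original posts. The function name `customersByCountry`, the `customer` table and the in-memory SQLite stand-in are assumptions made so the block runs offline; the real body of `select_customer` is not shown on the page.

```php
<?php
declare(strict_types=1);

/**
 * Return customers for a country with the value bound as a parameter.
 * $sql defaults to the thread's stored-procedure call (MySQL).
 * Hypothetical helper, not code from the thread.
 */
function customersByCountry(PDO $bdd, string $country,
                            string $sql = 'CALL select_customer(:country)'): array
{
    $stmt = $bdd->prepare($sql);
    $stmt->bindValue(':country', $country, PDO::PARAM_STR);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor(); // release the statement before the next query on this connection
    return $rows;
}

// Constructed demo data. SQLite has no stored procedures, so a plain SELECT
// stands in for the body of select_customer (assumption).
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec("CREATE TABLE customer (cust_name TEXT, country TEXT)");
$bdd->exec("INSERT INTO customer VALUES ('Alice', 'France'), ('Bob', 'Spain')");
$standIn = 'SELECT cust_name FROM customer WHERE country = :country';

$hostile = "x' OR '1'='1"; // constructed input that contains quote characters

// Concatenation, as in the thread: the quotes in the input become SQL syntax.
$concat = $bdd->query("SELECT cust_name FROM customer WHERE country = '$hostile'")
              ->fetchAll(PDO::FETCH_ASSOC);

// Bound parameter: the same input is compared as one literal string.
$bound = customersByCountry($bdd, $hostile, $standIn);

printf("concatenated: %d rows, bound: %d rows\n", count($concat), count($bound));
foreach (customersByCountry($bdd, 'France', $standIn) as $row) {
    echo $row['cust_name'], "\n";
}

// Against MySQL, keep the default SQL:
//   $rows = customersByCountry($bdd, 'France');
```

With a bound parameter no quoting is needed around the value, so the missing-quote error from the question cannot occur either.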

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
