I'm baffled by this error message
I am trying to learn PDO so I joined a course on Udemy. The problem is that you can't contact anyone for support.
This is the line in question: $SearchQuery="SELECT * FROM emp_record WHERE ename LIKE :ename";
I have double checked the database and the variable ename is there.
This is the complete file:
Code:
<?php
if (isset($_GET['Search'])) {
    try {
        require_once('db.php');
        // Make PDO throw exceptions on SQL errors so the catch block sees them.
        $Connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // quote() escapes the value and wraps it in quotes for use as a string literal.
        $Search = $Connection->quote('%' . ($_GET['Ename'] ?? '') . '%');
        $SearchQuery = "SELECT * FROM emp_record WHERE ename LIKE $Search";
        $Execute = $Connection->query($SearchQuery);
    } catch (Exception $e) {
        $error = $e->getMessage();
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>quote Method SQL Injection Prevention</title>
</head>
<body>
<?php
// Escape everything echoed into the page so it is rendered as text, not HTML.
if (isset($error)) {
    echo '<p>' . htmlspecialchars($error) . '</p>';
}
?>
<form method="GET" action="SQLInjection.php">
    <fieldset>
        <legend>Search for Employee</legend>
        <label for="name">Name: </label>
        <input type="text" name="Ename" id="name">
        <input type="submit" name="Search" value="Search">
    </fieldset>
</form>
<?php
if (isset($Execute)) {
    $row = $Execute->fetch();
    if ($row) {
?>
<table width="950" border="5" align="center">
    <caption>Results From DataBase</caption>
    <tr>
        <th>ID</th>
        <th>Employee Name</th>
        <th>SSN</th>
        <th>Department</th>
        <th>Salary</th>
        <th>Home Address</th>
    </tr>
    <?php do { ?>
    <tr>
        <td><?php echo htmlspecialchars($row['id']); ?></td>
        <td><?php echo htmlspecialchars($row['ename']); ?></td>
        <td><?php echo htmlspecialchars($row['ssn']); ?></td>
        <td><?php echo htmlspecialchars($row['dept']); ?></td>
        <td><?php echo htmlspecialchars($row['salary']); ?></td>
        <td><?php echo htmlspecialchars($row['homeaddress']); ?></td>
    </tr>
    <?php } while ($row = $Execute->fetch()); ?>
</table>
<?php
    } else {
        echo 'No Results Found';
    }
}
?>
</body>
</html>
There is another similar file that has almost the same SELECT query (another variable added), but uses a prepared statement, that works. I know it's only an exercise, but I like to know why things don't work!
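For comparison with the quote() file above, this is an added example (not part of the original post or the course material) of the `LIKE :ename` query run through prepare() and execute(); a named placeholder is only bound on that path, not when the string is handed to query(). Assumptions: an in-memory SQLite database with constructed rows stands in for db.php, and the helpers likeEscape() and searchEmployees() are hypothetical names.

```php
<?php
// Added example. Assumption: pdo_sqlite is available; an in-memory database replaces db.php.
$Connection = new PDO('sqlite::memory:');
$Connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$Connection->exec('CREATE TABLE emp_record (id INTEGER PRIMARY KEY, ename TEXT, dept TEXT)');
// Constructed sample rows, including names with a quote, an underscore and a percent sign.
$Connection->exec("INSERT INTO emp_record (ename, dept) VALUES
    ('Alice O''Neil', 'IT'), ('Bob_Smith', 'HR'), ('Bobby Smith', 'HR'), ('100% Temp', 'Ops')");

// Hypothetical helper: neutralise the LIKE wildcards so user input matches literally.
// Binding stops SQL injection, but % and _ inside the value are still LIKE wildcards.
function likeEscape(string $term, string $esc = '!'): string
{
    // The escape character itself is replaced first, then the two wildcards.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Hypothetical helper: the search from the post as a prepared statement.
function searchEmployees(PDO $db, string $term): array
{
    // The placeholder stands for the whole value, so the surrounding % signs
    // go into the bound string and never into the SQL text.
    $stmt = $db->prepare("SELECT id, ename, dept FROM emp_record WHERE ename LIKE :ename ESCAPE '!'");
    $stmt->execute([':ename' => '%' . likeEscape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a quote, each wildcard, and a classic injection string.
foreach (["O'Neil", 'Bob_', '%', "' OR '1'='1"] as $term) {
    $names = array_column(searchEmployees($Connection, $term), 'ename');
    printf("%-14s => %s\n", $term, $names ? implode(', ', $names) : '(no rows)');
}
```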