Invalid parameter number PDO, replacing multiple parameters. - pdo

i'm trying to check multiple columns where their values may contain the search parameter.
SELECT * FROM websites
WHERE county LIKE (:search)
OR dealer_id LIKE (:search)
OR name LIKE (:search)
OR postcode LIKE (:search)
OR theme_folder LIKE (:search)
OR url LIKE (:search)
OR website_id LIKE (:search)
OR website_type LIKE (:search)
LIMIT :start, :end
As you can see below i'm binding the parameters:
$websites->bindValue(':start', $start, \PDO::PARAM_STR);
$websites->bindValue(':end', PAGINATION_WEBSITES_PER_PAGE, \PDO::PARAM_STR);
$websites->bindValue(':search', '%'.SEARCH_TERM.'%', \PDO::PARAM_STR);
However i'm getting an error saying:
Invalid parameter number
Anyone got any ideas?

Anyone got any ideas?
Straight from the Manual:
You must include a unique parameter marker for each value you wish to pass in to the statement when you call PDOStatement::execute(). You cannot use a named parameter marker of the same name more than once in a prepared statement, unless emulation mode is on.

Related

Querying full and sub-strings via multi-valued parameter using SQL

I am building a report with Microsoft SSRS (2012) having a multi-value parameter #parCode for the user to filter for certain codes. This works perfectly fine. Generally, my query looks like this:
SELECT ...
FROM ...
WHERE
TblCode.Code IN (#Code)
ORDER BY...
The codes are of following type (just an excerpt):
C73.0
C73.1
...
C79.0
C79.1
C79.2
Now, in additon to filtering for multiple of these codes I would like to als be able to filter for sub-strings of the codes. Meaning, when the user enters (Example 1)
C79
for #parCodes The output should be
C79.0
C79.1
C79.2
So eventually the user should be able to enter (Example 2)
C73.0
C79
for #parCodes and the output would be
C73.0
C79.0
C79.1
C79.2
I managed to implement both functionalities seperately, so either filtering for multiple "complete" codes or filterting for sub-string of code, but not both simultaneously.
I tried to do something like
...
WHERE
TblCode.Code IN (#parCode +'%')
ORDER BY...
but this screws up the Example 2. On the other hand, if I try to work with LIKE or = instead of IN statement, then I won't be able to make the parameter multi-valued.
Does anyone have an idea how to realize such functionality or whether IN statement pared with multi-valued parameters simply doesn't allow for it?
Thank you very much!
Assuming you are using SQL server
WHERE (
TblCode.Code IN (#parCode)
OR
CASE
WHEN CHARINDEX('.', Code)>0 THEN LEFT(TblCode.Code, CHARINDEX('.', TblCode.Code)-1)
ELSE TblCode.Code
END IN (#parCode)
)
The first clause makes exact match so for your example matches C73.0
The second clause matches characters before the dot character so it would get values C79.0, C79.1, C79.2 etc
Warning: Filtering using expressions would invalidate the use of an index on TblCode.Code

How can I write a WHERE statement that looks for a variable OR Null?

I am attempting to write a query for an Altiris report. This query is looking for machine information. The query works fine, however the problem I am running into is with my parameters. I have set up multiple parameters within Altiris to allow me to filter and search through the report for multiple fields. Then, in my query, I add those parameters into the WHERE statements.
All of the parameters were working fine, until I added Make and Model parameters. We have quite a few machines that do not have information populated into these fields. So when I add in the WHERE xxxx LIKE N'%Make%', I lose about 500 machines based on it now only looking for machines with something in that field. I tried to fix this by adding lines like the following:
Where ((xxxx LIKE N'%Make%' OR xxxx is null))
This kind of worked, in that now the report shows all machines... But if I enter "HP" into the Make parameter field and then rerun the report... it shows all HP machines like I want, but also all of the null machines as well.
How can I rewrite my where statements so that they do not exclude machines in the report, and allow me to filter by all HP machines, without showing null values as well?
Hope this made sense, and thank you
In this snip of code, the last two lines make me lose about 500 machines in my total machine count of the report. It is omitting all machines that have null values.
WHERE
(dbo.OS_Version.[OS Name] LIKE N'%OSName%') AND
(dbo.OS_Version.[OS Version] LIKE N'%Build%') AND
(dbo.OS_Version.Name LIKE N'%Name%') AND
(dbo.Inv_AeX_AC_Identification.[Hardware Serial Number] LIKE N'%Serial%') AND
(dbo.vHWComputerSystem.Manufacturer LIKE N'%Make%') AND
(dbo.vHWComputerSystem.Model LIKE N'%Model%')
This is how I tried to fix it, and now I get all 20,000 machines. But my make/model fields report on null fields as well.
WHERE
(dbo.OS_Version.[OS Name] LIKE N'%OSName%') AND
(dbo.OS_Version.[OS Version] LIKE N'%Build%') AND
(dbo.OS_Version.Name LIKE N'%Name%') AND
(dbo.Inv_AeX_AC_Identification.[Hardware Serial Number] LIKE N'%Serial%') AND
((dbo.vHWComputerSystem.Manufacturer LIKE N'%Make%') OR (dbo.vHWComputerSystem.Manufacturer is null)) AND
((dbo.vHWComputerSystem.Model LIKE N'%Model%') OR (dbo.vHWComputerSystem.Model is null))
I'm guess that if you don't enter a value for a parameter, it's coming through as an empty string, and of course, every varchar is LIKE '%%'.
I'm not sure what RDBMS this is, but if the ISNULL function is available, try this:
where ((ISNULL(xxxx,'') LIKE N'%Make%')
This replaces nulls with the empty string before doing the LIKE comparison.
I think you want something like this:
(cs.Manufacturer LIKE N'%#Make%' OR #Make = '') AND
(cs.Model LIKE N'%#Model%' OR #Model = '')
I am using = '' rather than IS NULL because you are clearly not passing in the parameters as NULL values (the LIKE wouldn't work).
This does not provide a method for filtering to get only the NULL values, because you are using the "special value" for the parameter to mean "don't apply a filter here".
Note that cs is intended as a table alias. I also strongly recommend that you use table aliases so your queries are easier to write and to read.
I think you're looking for something like WHERE ISNULL(Model, '') LIKE '%Model%'. However, you should replace '%Model%' with a variable. The above example would literally match the word 'Model'
DECLARE #Model NVARCHAR(100) = 'T-800'
...
WHERE ISNULL(Model, '') LIKE '%' + #Model + '%'
^ This would not include rows with NULL Model values

iReport: # sql variable is not recognized

I am using Sybase 15 and have a SP which returns a result set like this:
SELECT foo,
bar,
etc,
xyz,
...
#temp_id
FROM #table
ORDER BY 2,3 DESC
When this gets to iReport the query shows the field name is blank. It knows that the field type is java.lang.Integer but I can see no way to create a field for it in the report. If I give it a name - #temp_id I get an error telling me the field isn't found. Same thing if I try it in JasperReports.
The strange thing - to me anyway - is that in my Eclipse data explorer it also shows no label for that column. Nor does it for the JasperReports Dataset and Query Dialog when I ask it to Read Fields.
I tried just calling it COLUMN_15 but that didn't work either.
What am I missing?

The right way to prepare SQL statements with parametrized text search

Suddenly I've realized that while this works in groovy just like it is expeceted:
Sql.newInstance(connectionParams).rows("SELECT FROM ITEMS WHERE id = ?", [200])
this won't work
Sql.newInstance(connectionParams).rows("SELECT FROM ITEMS WHERE name LIKE '%?%'", ["some"])
All you can get is
Failed to execute: SELECT FROM ITEMS WHERE name LIKE '%?%' because:
The column index is out of range: 1, number of columns: 0.
My questions are:
Is it intentionally implemented this way? I've never needed to have a parametrized text search, so I'm not sure where this behaviour is typical or not.
How can I nevertheless safely parametrize statement with text search in it?
I believe you want to include the %'s in the parameter, like:
Sql.newInstance(connectionParams).rows("SELECT FROM ITEMS WHERE name LIKE ?", ["%some%"])

Where Clause with Alias Visual Basic & SQL

I have inherited a MS database, to work from, this database also links to other programs so I don't want to change the database tables itself.
I'm using Visual Basic 2010,
What I need to do is have a range of filters on this table and then one extra filter entered by the user.
e.g. they enter '50' and range '5' I need to search the dataset using the range of '45 to 55'
This is my code so far for the dataset:
SELECT [CUTTER NO]
,CUTTER_ID
,[SIZE-Inches]
,[MM-Across]
,[MM-Round]
,TYPE
,[LEADING EDGE]
,[CUTTER TYPE]
,ACROSS
,ROUND
,[WIDTH PAPERmm]
,[GAPS ACROSSmm]
,[GAPS ROUNDmm]
,[Serial Number]
,[T G]
,Repeat
,[Repeat MM]
,[L&G]
,Notes
FROM [Cutter List]
WHERE (TYPE <> 'DISCONTINUED')
AND (TYPE <> 'SPEC')
AND (CUTTER_ID <> NULL)
AND ([CUTTER TYPE] = 'MP')
AND (TYPE <> 'BUTT')
ORDER BY CUTTER_ID, [MM-Across]
What I need to type into this SQL is:
WHERE [MM-Across] LIKE #[MM-Across] and [MM-Round] LIKE #[MM-Round]
Which from what I can tell on the net is wrong as I cannot have [] in a where.
I even tried :
SELECT [MM-Across] AS mmacross
FROM [Cutter List]
WHERE ('mmacross' LIKE '#mmacross')
This it accepts but I get an different error appear saying
"The Schema returned by the new query differs from the base query."
What am I doing wrong? I don't understand the last error or how to avoid this.
Two things:
You can definitely have brackets "[..]" in WHERE clauses, they just have to be in the correct places (just like anywhere else), and
You cannot use the brackets in variable or parameter references, and that means that, unlike columns, you cannot have special characters in their names, like "-" in "#MM-Across", so just change your parameter names to something like "#MM_Across".
Note that the column names are fine, it's your parameter and/or variable names that you have to change (I cannot tell which these are from your snippet).
So instead of this:
WHERE [MM-Across] LIKE #[MM-Across] and [MM-Round] LIKE #[MM-Round]
Try this:
WHERE [MM-Across] LIKE #MM_Across and [MM-Round] LIKE #MM_Round
Of course, you will also have to change the parameter/variable names wherever they are declared and passed in. If you post the code that does this, I can show you how to change that also (thoguh it may be obvious by now).