We Keep Coding

Pagination with PDO prepare statement

I am using David Carr's pagination class successfully for a whole-table call (i.e. where I'm calling all the rows in the table without filtering). After including my config and the class, I accomplish it this way:
$pages = new Paginator('3','p');
$stmt = $dbh->query('SELECT count(id) FROM sermons');
$row = $stmt->fetch(PDO::FETCH_NUM);
$total = $row[0];
//pass number of records to
$pages->set_total($total);
$results = $dbh->query('SELECT * FROM sermons ORDER BY date_preached DESC '.$pages->get_limit()); ?>
<div class="paging"><p><?php echo $total; ?> sermons found</p> <?php echo $pages->page_links();?></div>
<?php
foreach($results as $row)
Etc.
That works great, but now I'm trying to implement it for the result of user filtering via forms, and because I can't use an unnamed placeholder in the query, I'm trying to do it with a prepare (which I'm guessing is more secure anyway):
$pages = new Paginator('2','p');
$series = isset($_POST['series']) ? $_POST['series'] : false;
try {
$stmt = $dbh->prepare("SELECT count(id) FROM sermons WHERE series = ?");
$stmt->execute(array($series));
$row = $stmt->fetch(PDO::FETCH_NUM);
$total = $row[0];
//pass number of records to
$pages->set_total($total);
$results = $dbh->prepare("SELECT * FROM sermons WHERE series = ? ".$pages->get_limit());
$results->bindParam(1, $series, PDO::PARAM_STR);
$results->execute(array($series));
// the call
echo $total; ?> sermons found</p> <?php echo $pages->page_links();
When I first get to the results page from the form, it looks like everything is working properly. The call correctly identifies the number of sermons found for the search result, and displays the first two (or however many I set in the $pages statement). But when I click to another page result, no sermons display, the count is gone, and my !isset(found_rows) echo returns a zero as well.
I was originally thinking the issue was that at first I was trying to do this without binding. That is questionable, since without the pagination I can display the page without binding. In any case, I've been trying that with both bindValue and bindParam, but with no luck.
Am I mishandling something in the prepare statement? Or what?
Note: I have the results page displaying fine without the pagination with this:
$series = isset($_POST['series']) ? $_POST['series'] : false;
try {
$results = $dbh->prepare("SELECT * FROM sermons WHERE series = ?");
$results->execute(array($series));
// Etc.

Insert SQL statement error

Hi Im trying to insert data into a database using an insert statement. So basically, the user inputs data into a form and then once the submit button is clicked its meant to get the property_id of the table Property.
My code is this:
<?php
$id = intval($_GET['id']);
$query = mysql_query('SELECT * FROM review WHERE property_id="'.$id.'"');
if(isset($_POST['submit']))
{
$review = mysqli_real_escape_string($mysqli, $_POST['review']);
if(mysqli_query($mysqli, "INSERT INTO review(review) VALUES ('$review')"))
{
?>
<script>alert('Successfully Updated ');</script>
<?php
}
else
{
?>
<script>alert('Error...');</script>
<?php
}
}
?>
At the top of the page is my other code which is as followed:
<?php
include_once '../db/dbconnect.php';
$id = intval($_GET['id']);
$sql = 'SELECT* FROM property WHERE property_id="'.$id.'"';
$result = mysqli_query($mysqli, $sql);
$row=mysqli_fetch_array($result);
?>
The code above basically displays all the data for that individual property. Any help would be great.

There are several errors in your code:
$id = intval($_GET['id']);
$query = mysql_query('SELECT * FROM review WHERE property_id="'.$id.'"');
The mysql_* functions are deprecated in PHP 5, and totally removed in PHP 7. Don't use them!
Moreover, it's not possible to use mysql_* and mysqli_* functions together.
Yet another error: you are executing a SELECT query, but you never fetch the results!
Note: you don't need to concatenate $id. It makes the code harder to read with plenty of useless single and double quotes, and increases the likeliness of a typo. Just enclose the variables in a double-quoted string.
You are casting $id to an int value. If the field property_id is an integer, there is no need to put single quotes around $id in the query.
Updated snippet:
$id = intval($_GET['id']);
$query = mysqli_query($mysqli, "SELECT * FROM review WHERE property_id=$id") or die(mysqli_error($mysqli));
while($r = $query->fetch_assoc()) {
// do something here with the current record $r
}
Your code:
if(mysqli_query($mysqli, "INSERT INTO review(review) VALUES ('$review')"))
[...]
<script>alert('Error...');</script>
When developing, you should display (or write to a log file) the MySQL error message from each failing query. It will make debugging much easier:
<script>alert('Error: <?= mysqli_error($mysqli) ?>');</script>

Insert Returning last ID with PDO

I am trying to get the last/current ID submitted in an Insert, I have tried lastInsertId however that didn't work. Alternatively I have used returning on the end of my insert. However that was using pg_sql. How would I use the returning line, with PDO? I am stuck with the logic of getting the value displayed using PDO in the second option.
php 5.1.6
See below
Doesn't Work
$stmt ->execute();
$newsheetID = $conn->lastInsertId('sheet_id');
echo $newsheetID . "last id";
Works But is pg_sql, I would like to get this working for PDO
$sql = "INSERT INTO sheet_tbl (site_id, username, additionalvolunteers) VALUES ('$_POST[site_id]', '$username','$_POST[additionalvolunteers]') returning sheet_id";
echo $sql;
$result = pg_query($sql);
while ($row = pg_fetch_row($result)) {
$sheet_id_post = $row[0];
echo $sheet_id_post . '<br/>';

Your looking for this, if you cannot get lastInsertId to work, this will do the job, a couple of extra lines tho:
foreach ($stmt as $row)
{
$sheet_id_post = $row[0];
echo $sheet_id_post;
}
You can always msg me. Or head to php website look for a similar loop and alter it, my answer is very similar to yours and when I first did this I just went to php.net :-)

sql update codeigniter

I am using codeIgniter..
I want to update a table column is_close when id=$ticket_id of my table= tbl_tickets.
I am doing this :-
$data=array(
'is_close'=>1
);
$this->db->where('id',$title_id);
$this->db->update('tbl_tickets',$data);
and I have also done this :-
$sql = "UPDATE tbl_tickets SET is_close={1} WHERE id='$title_id'";
$this->db->query($sql);
both are not working,i.e., my table is not updating the value to 1 and also no error is being shown in the broswer. :(
Edited: Included my model part :
function setClosePost($title_id){
$sql = "UPDATE tbl_tickets SET is_close=0 WHERE id='$title_id'";
$this->db->query($sql);
// $data=array(
// 'is_close'=>1
// );
// $this->db->where('id',$title_id);
// $this->db->update('tbl_tickets',$data);
}
My controller :-
function closePost(){
$this->load->model('helpdesk_model');
$this->helpdesk_model->setClosePost($this->input->post('title_id'));
}

first of all use a get method to check if ticket_id is exist or not.
another thing is always use return in your functions in models so you can check them by if(function_name){...}else{...}
then if your get method returned data correctly try
Model Method
public function set_closed($ticket_id){
$this->db->set(array(
'is_close'=>1
)); // pass fields in array
$this->db->where('id',$ticket_id);
$this->db->update('tbl_tickets'); // table name
return true;
}
then check that in your controller
if($this->Ticket_model->set_closed($ticket_id) == true){
echo 'ticket set to closed correctly';
}else{
echo 'there is some error on updating database'.$this->db->error(); // to checkout db error .
}

First, check $title_id before passing:
var_dump($title_id);
Then, try do "select a row with this id" before updating and after.
$query = $this->db->get_where('tbl_tickets', array('id' => $id));
foreach ($query->result() as $row)
{
var_dump($row->is_close);
}
$data=array(
'is_close'=>1
);
$this->db->where('id',$title_id);
$this->db->update('tbl_tickets',$data);
$query = $this->db->get_where('tbl_tickets', array('id' => $id));
foreach ($query->result() as $row)
{
var_dump($row->is_close);
}
Then, give your table structure.

Just try like this
$sql = "UPDATE tbl_tickets SET is_close='1' WHERE id=".$title_id;
$this->db->query($sql);

just try like this
**function edit($close,$id) {
$sql = "UPDATE tbl_tickets SET is_close= ? WHERE id = ? ";
$this->db->query($sql, array($close,$id));
}**

To handle this type of errors, i mean if reflection is not happen in database, then use below steps to resolve this type of error.
1) use $this->db->last_query() function to print query, using this we can make sure our variable have correct value (should not null or undefined), using that we can make sure also SQL query is valid or not.
2) If SQL query is valid then open phpmyadmin & fire same query into phpmyadmin, it will return error if query columns or table names are invalid.
Use this way, its best way to cross check our SQL queries issues.
I hope it will work.
Thanks

You are trying to update integer(INT) type value, just cross check with your column datatype if that is varchar then you have to put value in a single or double quote.
Like this
$data=array('is_close'=> '1');

Trying to get property of non-object Yii

I dont get this error, there is a row in database.
$tip = StringHelper::trimmer($_GET['tip']);
$sql = 'SELECT id FROM contact_reasons WHERE alias = "' . $tip . '"';
$model = ContactReasons::model()->findAllBySql( $sql );
die($model->id);
if(!is_null($model)) {
$this->render('kontakt', array(
'model' => $model,
));
} else {
$this->renderText('Tražena stranica ne postoji.');
}
I used debug to see if there is a response, and even used query on database, and it returns a row with ID. I get this error on line with die();

Please note that, findAllBySql returns an array of CActiveRecords, while findBySql returns a single CActiveRecord. You may also use parameter binding for your SQL statements to prevent SQL injection.
see also http://www.yiiframework.com/doc/api/1.1/CActiveRecord