php - SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax -


i can't figure out wrong read method (dynamic prepared statement pdo). can point me in right direction? don't think i'm using reserved sql words. perhaps i'm missing quotes or somewhere? i'm new pdo.

this read method:

public function read($select_col, $table_name, $where, $where_condition=null, $where_compare=null, $other=null){          //this method return false if # of key-value pairs don't match # of $where_condition items.         //if works, return 1-dimensional array if 1 row found. if more 1 row, 2d array.         //      return associative array.          //$select_col can array or variable (words or "*")         //$table_name $table_name (most $table_name var given object)         //$where associative array keys column names , values value test.          //      code below add ":" in front of key make named parameter.         //$where_condition allows user create other conditions (ie. "<" or ">". can single variable or array)         //$other room other stuff "asc limit 1"         $errors = array();         $sql = '"select ';          //if $select_col array, put commas after each item except last 1         if(is_array($select_col)){             $s_count = count($select_col);             for($s=0; $s<$s_count; $s++){                 $sql .= $select_col[$s];                 if($s<($s_count-1)){                     $sql .= ", ";                 }             }         } else{             $sql .= $select_col;         }         $sql .= " " . $table_name;          //if $where values given, add them sql. named parameters generated keys adding ":" in front of each key         if(!empty($where)){             $w_count = count($where);             //if there $where_condition values, make sure match number of $where key-value sets.              //if don't match up, return false , stop.             if(!empty($where_compare)){                 $wc_count = count($where_compare);                 if($w_count!=$wc_count){                     return false;                     $exit();                 }             }             $sql .= " ";             for($w=0; $w<$w_count; $w++){                 $sql .= key($where);                 if(!empty($where_compare)){                     $sql .= " " . $where_compare[$w] . " ";                 } else{                     $sql .= " = ";                 }                 $sql .= "':" . key($where) . "'";                 next($where);                 if($w<($w_count-1)){                     if(empty($where_condition)){                         $errors[] = "where condition(s) is/are missing (ie. and, or)";                     } else{                         $sql .= " " . $where_condition[$w] . " ";                     }                 }             }         }          //at point, $where keys , named parameters set or skipped section because there no values         if(!empty($other)){             $sql .= " " . $other;         }         $sql .= '"';          $stmt = $this->dbc->prepare($sql);         if(!$stmt){             $errors[] = "failed prepare query. " . $this->dbc->errorinfo();         }         foreach ($where $key => $value) {             $named_param = "':" . $key . "'";             if(is_numeric($value)){                 $type = "pdo::param_int";             } else{                 $type = "pdo::param_str";             }             $stmt->bindvalue($named_param, $value, $type);         }         $execute = $stmt->execute();         if(!$execute){             $errors[] = "query failed execute. " . $this->dbc->errorinfo();         }         $result = $stmt->fetchall(pdo::fetch_assoc);         //if 1 row returned, returns one-dimensional array. if more 1 row, two-dimensional array.         if(!empty($errors)){             return $errors;         } else{             return $result;         }    }  

this authentication method uses read method:

public static function authenticate($username="", $pw=""){     global $db;      $hashed_pw = self::encrypt_pw($username, $pw);     $where = array('username' => $username, 'pw' => $hashed_pw);     $where_condition = array("and");      $id = $db->read("user_id", "users", $where, $where_condition);     if(is_numeric($id) , $id!=0){         return true;     } else{         return false;     } } 

why have " in $sql = '"select '; , $sql .= '"';?

$sql string if that's you're trying do. you've done has added " literals before , after actual select query. removing them should solve problem.


Comments

Popular posts from this blog

html5 - What is breaking my page when printing? -

c# - must be a non-abstract type with a public parameterless constructor in redis -

ajax - PHP/JSON Login script (Twitter style) not setting sessions -