Good day. I use PDO. There is a query like:

SELECT * FROM tbl_ads AND ad_price>:minprice AND ad_price>:maxprice ORDER BY ad_parse_date DESC LIMIT 0,10 

Next, I execute the query as follows:

    if ($minprice != "" && $maxprice != "") {
        $where = $where . " AND ad_price>:minprice AND ad_price<:maxprice";
        $fields[":minprice"] = $minprice;
        $fields[":maxprice"] = $maxprice;
    }
    $stmt = $pdo->prepare($query);
    foreach ($fields as $key => $value) {
        // bindValue copies the value; bindParam would bind $value by reference,
        // so every placeholder would end up holding the loop's last value
        $stmt->bindValue($key, $value);
    }
    $stmt->execute();

When this occurs, an error of the form:

 PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND ad_price&gt;'1000000' AND ad_price&gt;'1500000' 

I see that the > and < signs are replaced by the corresponding gt and lt entities. How can this be overcome?

  • It may sound stupid, but why do you have the signs right next to the names? Maybe put spaces between them? The parser is not so smart as to guess that this is not a column name. - Alexey Shimansky
  • @AlekseyShimansky tried it, doesn't help :( - balamutik

3 answers

After all, you haven't shown all the code: where does $where take part in the query before $stmt = $pdo->prepare($query);?
Somewhere at the stage of assembling the conditions (select, where, etc.) into the query you probably have something like htmlentities.

    The quoted query fragment in the MySQL error message always starts right after the problematic place.

    So the error is not in the replacement of the > and < characters, but in the missing WHERE keyword. The replacement is most likely done when the error message is displayed and has nothing to do with the question.
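As an added example (not code from the question or from any of the answers): the price filter assembled with an explicit WHERE keyword and named placeholders, run through PDO against an in-memory SQLite database so it executes without a MySQL server. The table and column names come from the question; the sample rows, the inclusive >=/<= bounds and the helper names are assumptions. It needs PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Build the SQL text and the placeholder => value map separately.
// Conditions are collected in an array and joined with AND, and the
// WHERE keyword is emitted only when at least one condition exists.
function buildAdsQuery(?string $minprice, ?string $maxprice): array
{
    $sql    = 'SELECT * FROM tbl_ads';
    $where  = [];   // list of conditions
    $params = [];   // placeholder => value, bound later with bindValue

    if ($minprice !== null && $minprice !== '' && $maxprice !== null && $maxprice !== '') {
        // Assumption: the band is inclusive on both ends.
        $where[] = 'ad_price >= :minprice';
        $where[] = 'ad_price <= :maxprice';
        $params[':minprice'] = (int) $minprice;
        $params[':maxprice'] = (int) $maxprice;
    }
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' ORDER BY ad_parse_date DESC LIMIT 10';
    return [$sql, $params];
}

// Prepare, bind and execute; returns the matching rows.
function runAdsQuery(PDO $pdo, ?string $minprice, ?string $maxprice): array
{
    [$sql, $params] = buildAdsQuery($minprice, $maxprice);
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        // bindValue copies the value at this point; bindParam inside a loop
        // would bind every placeholder to the same $value variable by reference.
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_ads (ad_id INTEGER PRIMARY KEY, ad_price INTEGER, ad_parse_date TEXT)');
$pdo->exec("INSERT INTO tbl_ads (ad_price, ad_parse_date) VALUES
    (900000,  '2015-03-01'),
    (1200000, '2015-03-02'),
    (1400000, '2015-03-03'),
    (1600000, '2015-03-04')");

// With the WHERE clause in place, two rows fall inside the band,
// newest parse date first: 1400000, 1200000.
$rows = runAdsQuery($pdo, '1000000', '1500000');
echo count($rows), " rows: ", implode(', ', array_column($rows, 'ad_price')), "\n";

// Without a filter the WHERE keyword is simply omitted: all four rows come back.
echo count(runAdsQuery($pdo, '', '')), " rows without a filter\n";

// The question's mistake reproduced: a condition glued on without WHERE is a
// syntax error for every driver (the exact wording differs; MySQL quotes the
// text after the bad spot, SQLite says 'near "AND"'). PDO itself never turns
// ">" into "&gt;"; that is done by whatever escapes the message for HTML output.
try {
    $pdo->prepare('SELECT * FROM tbl_ads AND ad_price > :minprice');
} catch (PDOException $e) {
    echo 'missing WHERE: ', $e->getMessage(), "\n";
}
```

The point of keeping `$where` as an array is that the `WHERE` keyword and the `AND` separators are decided in one place, so an optional filter can never produce `FROM tbl_ads AND ...` regardless of which form fields were filled in.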

      I don't think I'll solve your problem, but, for example, I have a job on PHP 5.6 with PDO; here's part of the code:

       $db_0_OBJ = $DB_MYSQL_INIT_FUNC_NAME();
       $sqlCond_STR = $COL_TBL_NUM.' = :tblNum_INT AND '.$COL_MAT_STATE.' = '.$MAT_STATE_ACT.' AND '
                    .$COL_LIN_1_UCO.' < :tblUcoDataLine1UcoMax_INT '
                    .'ORDER BY '.$COL_LINED.' ASC, '.$COL_LINSOR.' ASC';
       $query_OBJ = $db_0_OBJ->prepare('SELECT * FROM '.PRK::$DBT_MATS_LIST.' WHERE '.$sqlCond_STR.' LIMIT 1');
       $query_OBJ->bindValue(':tblNum_INT', $tblNum_INT);
       $query_OBJ->bindValue(':tblUcoDataLine1UcoMax_INT', $tblUcoDataLine1UcoMax_INT);
       $query_OBJ->execute();
       echo $sqlCond_STR; // tbl_num = :tblNum_INT AND mat_state = 3 AND line_1_uco < :tblUcoDataLine1UcoMax_INT ORDER BY lined ASC, linsor ASC

      This is working code, the query succeeds, and there are no replacements.

      By the way, did you notice that you left out the word WHERE in your SQL query?

      Tip: never use double (") quotes, use single (') ones; who knows, maybe they are the reason you get the replacement? The most they should be used for is to output non-printing characters like "\n".

      • What is this strange fantasy about double quotes? - Ipatiev