I recently moved from mysql_connect to full PDO and when using prepare and execute statments I keep getting this SQLSTATE[42000] error:
Fatal error: Uncaught exception ‘PDOException’ with message ‘SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 1’ in /home/public_html/inc/submit.php on line 521
In summary, the $_POST[‘amon’] is from a form where a user has multiple checkboxes and contains values like 1p_2p and when submitted, the foreach picks it apart and does little mysql INSERTS via PDO. The database connection is fine ($myPDO) because I use it on other pages.
And here is the PHP:
$cdate = date("Y-m-d H:i:s");
$ctoken = mt_rand(1000, 9999);
$dvmon = 'mon';
$nstudent = $myPDO->prepare("SELECT id FROM students WHERE user_id='".$user['id']."' AND ctoken=:ctvalue");
$dinsert = $myPDO->prepare("INSERT INTO savail (user,time,day,updated) VALUES (:usvalue,:tvalue,:dayvalue,'".$cdate."'");
if (isset($ctoken)) {
$nstudent->execute(array(':ctvalue' => $ctoken));
$ns_row = $nstudent->fetch(PDO::FETCH_ASSOC);
$usvalue = $ns_row['id'];
if (!empty($_POST['amon'])) {
foreach ($_POST['amon'] as $value) {
$dinsert->bindParam(':usvalue', $usvalue, PDO::PARAM_INT);
$dinsert->bindParam(':tvalue', $value, PDO::PARAM_STR);
$dinsert->bindParam(':dayvalue', $dvmon, PDO::PARAM_STR);
$dinsert->execute();
}
}
}
Before I tried this but got the same error and people said that bindParam is the way to go
$dinsert->execute(array(':usvalue' => $usvalue, ':tvalue' => '$tvalue', ':dayvalue' => 'mon'));