Member Avatar for Ant_426

Hi. I have a local installation of SQLite3 and PHP which runs a small in house PHP application so sql injection is not an issue.

I am able to execute the following:

if(isset($_GET['deletequote'])) {
    $qno = $_GET['deletequote'];
    echo $qno;?><br><?php // for testing
    $db = new SQLite3('./fi_data.db') or die('Cannot delete quote. Unable to open database');
    $delresult = $db->query("
    DELETE FROM quotes
        WHERE quote_id = '".$qno."'");
  }

The code above works correctly. However, when I execute the following no data is returned:

if(isset($_GET['editquote'])) {
    $qno = $_GET['editquote'];
    echo $qno;?><br><?php // for testing        
    $db = new SQLite3('./fi_data.db') or die('Cannot edit quote. Unable to open database');
    $results = $db->query("SELECT quote_to FROM quotes WHERE quote_id = '".$qno."'");
    while ($row = $results->fetchArray()) {
    var_dump($row);
}

I have also tried with a prepared statement which also does not return any data:

if(isset($_GET['editquote'])) {
        $qno = $_GET['editquote'];
        echo $qno;?><br><?php // for testing
        $db = new SQLite3('./fi_data.db');
        $stmt = $db->prepare('SELECT quote_to  FROM quotes WHERE quote_id = :qn');
        $stmt->bindValue(':qn',$qno);
        $results =  $stmt->execute();
        while ($row = $results->fetchArray()) {
        var_dump($row);
    }

If I remove the WHERE part of the query and use only:

'SELECT quote_to  FROM quotes'

then the expected data is returned.

Why is the first statement working but not the second one?
Can anyone spot where I've gone wrong?
Thanks in advance.

Maybe there are simply no rows that have the quote_id set to the value of $qno simply because your first query literally deleted all the rows that existed in the database where that was the case.

commented: Unfortunately not. The data is visible in the table in the database. I simply included that as an example of some code which is working +0

then the expected data is returned.

Show some of the returned data.

In your examples 2 and 3 are missing final } on while loop

commented: Thanks for spotting that, Andris. Unfortunately that is not the problem though, that was just a copy/paste error on my part. +0

In your examples 2 and 3 are missing final } on while loop

Yes, that would cause a PHP fatal error which would cause the PHP script to just not display anything.

commented: Please see copy/paste comment to Andris above. I have full error reporting turned on and I am not receiving any errors. +0
Member Avatar for Ant_426

Thanks for the help, everyone.
The error was actually whitespace generated at the end of the $qno variable.
Problem was solved by using trim($qno);

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.