Member Avatar for Ant_426

Hi. I have a local installation of SQLite3 and PHP which runs a small in house PHP application so sql injection is not an issue.

I am able to execute the following:

if(isset($_GET['deletequote'])) {
    $qno = $_GET['deletequote'];
    echo $qno;?><br><?php // for testing
    $db = new SQLite3('./fi_data.db') or die('Cannot delete quote. Unable to open database');
    $delresult = $db->query("
    DELETE FROM quotes
        WHERE quote_id = '".$qno."'");
  }

The code above works correctly. However, when I execute the following no data is returned:

if(isset($_GET['editquote'])) {
    $qno = $_GET['editquote'];
    echo $qno;?><br><?php // for testing        
    $db = new SQLite3('./fi_data.db') or die('Cannot edit quote. Unable to open database');
    $results = $db->query("SELECT quote_to FROM quotes WHERE quote_id = '".$qno."'");
    while ($row = $results->fetchArray()) {
    var_dump($row);
}

I have also tried with a prepared statement which also does not return any data:

if(isset($_GET['editquote'])) {
        $qno = $_GET['editquote'];
        echo $qno;?><br><?php // for testing
        $db = new SQLite3('./fi_data.db');
        $stmt = $db->prepare('SELECT quote_to  FROM quotes WHERE quote_id = :qn');
        $stmt->bindValue(':qn',$qno);
        $results =  $stmt->execute();
        while ($row = $results->fetchArray()) {
        var_dump($row);
    }

If I remove the WHERE part of the query and use only:

'SELECT quote_to  FROM quotes'

then the expected data is returned.

Why is the first statement working but not the second one?
Can anyone spot where I've gone wrong?
Thanks in advance.

  • 4 Contributors
  • 5 Replies
  • 481 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by Ant_426

Recommended Answers

All 5 Replies

Member Avatar for Dani

Maybe there are simply no rows that have the quote_id set to the value of $qno simply because your first query literally deleted all the rows that existed in the database where that was the case.

commented: Unfortunately not. The data is visible in the table in the database. I simply included that as an example of some code which is working +0
Member Avatar for pritaeas

then the expected data is returned.

Show some of the returned data.

Member Avatar for AndrisP

In your examples 2 and 3 are missing final } on while loop

Edited by AndrisP
commented: Thanks for spotting that, Andris. Unfortunately that is not the problem though, that was just a copy/paste error on my part. +0
Member Avatar for Dani

In your examples 2 and 3 are missing final } on while loop

Yes, that would cause a PHP fatal error which would cause the PHP script to just not display anything.

commented: Please see copy/paste comment to Andris above. I have full error reporting turned on and I am not receiving any errors. +0
Member Avatar for Ant_426

Thanks for the help, everyone.
The error was actually whitespace generated at the end of the $qno variable.
Problem was solved by using trim($qno);

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.