duanmeng2842 2018-04-07 22:45
Views: 61
Accepted

Uncaught Error: Call to a member function execute() on a string

I am trying to use PDO to transcribe my code from mysqli.

I am making a simple low-to-high and vice-versa price filter.

Inside preview.php I have a form with radio buttons that are sent by the POST method to the search.php file.

What I tried in search.php, where the validation occurs:

  $sql = "SELECT * FROM products";
  $cat_id = (($_POST['cat'] != '') ? sanitize($_POST['cat']) : '');
  if ($cat_id == '') {
    $sql .= ' WHERE deleted = 0';
  } else {
    // note the leading space: without it the text runs into "products" and the SQL is invalid
    $sql .= " WHERE categories = '{$cat_id}' AND deleted = 0";
  }
  $price_sort = (($_POST['price_sort'] != '') ? sanitize($_POST['price_sort']) : '');
  $min_price  = (($_POST['min_price'] != '') ? sanitize($_POST['min_price']) : '');
  $max_price  = (($_POST['max_price'] != '') ? sanitize($_POST['max_price']) : '');

  if ($min_price != '') {
    $sql .= " AND price >= '{$min_price}'";
  }

  if ($max_price != '') {
    $sql .= " AND price <= '{$max_price}'";
  }

  if ($price_sort == 'low') {
    $sql .= " ORDER BY price";
  }

  if ($price_sort == 'high') {
    $sql .= " ORDER BY price DESC";
  }
  // $sql is still a plain string at this point, not a PDOStatement
  $sql->execute();

This is returning

Uncaught Error: Call to a member function execute() on a string

The error occurs on execute. I have tried using prepared statements and binding, but I didn't find the solution.


Thanks to @Chris and @Cobra_Fast I managed to resolve my full issue by doing:

  1. Making sure my PDO object is preparing the statement
  2. Binding all the parameters (rather than having the variables inside the query string)


  $sql = "SELECT * FROM products";
  $params = [];   // placeholder => value, bound after prepare()
  $cat_id = (($_POST['cat'] != '') ? sanitize($_POST['cat']) : '');
  if ($cat_id == '') {
    $sql .= ' WHERE deleted = 0';
  } else {
    // $sql .= "WHERE categories = '{$cat_id}' AND DELETED = 0";
    $sql .= " WHERE categories = :cat_id AND deleted = 0";
    $params[':cat_id'] = $cat_id;
  }
  $price_sort = (($_POST['price_sort'] != '') ? sanitize($_POST['price_sort']) : '');
  $min_price  = (($_POST['min_price'] != '') ? sanitize($_POST['min_price']) : '');
  $max_price  = (($_POST['max_price'] != '') ? sanitize($_POST['max_price']) : '');

  if ($min_price != '') {
    $sql .= " AND price >= :min_price";
    $params[':min_price'] = $min_price;   // placeholder name must match the one in the SQL
  }

  if ($max_price != '') {
    $sql .= " AND price <= :max_price";
    $params[':max_price'] = $max_price;
  }

  if ($price_sort == 'low') {
    $sql .= " ORDER BY price";
  }
  if ($price_sort == 'high') {
    $sql .= " ORDER BY price DESC";
  }

  // $veza->query($sql);
  // $sql is only a string; prepare() returns the PDOStatement that has bindValue()/execute()
  $productQ = $veza->prepare($sql);
  foreach ($params as $name => $value) {
    // bindValue rather than bindParam: bindParam binds by reference, and the
    // loop variable would leave every placeholder pointing at the last value
    $productQ->bindValue($name, $value, PDO::PARAM_STR);
  }
  $productQ->execute();

1 answer

  • dpb35161 2018-04-07 23:08

    string is a primitive type in PHP and doesn't expose any methods at all, so calling execute() on a string confuses PHP since you're trying to use it like a class instance.

    It also seems like you're trying to execute an SQL query, which means you need to take the SQL query you just built in $sql and execute it with your database driver.

    In case of PDO that could look like this:

    $sql = "SELECT * FROM products";
    // ... build the rest of the query ...
    // $pdo is the PDO connection object; query() returns a PDOStatement
    $pdo->query($sql);
    
    This answer was accepted by the asker.
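The asker's resolution and the accepted answer together describe the same fix: the SQL text is only a string, and it is the PDOStatement returned by prepare() that has bindValue() and execute(). The following is an added example, not the asker's or the answerer's code, that carries the full price filter through that way. It assumes a PDO connection in `$pdo`, a `products` table with columns `categories`, `price` and `deleted`, and the function names `buildProductQuery` and `runProductQuery` are invented here. It goes slightly beyond the post: the `deleted = 0` condition is placed once in the base query, price bounds are checked with is_numeric before they are bound, and the ORDER BY direction (which cannot be parameterised) is taken from a fixed allow-list rather than from the request.

```php
<?php
// Added example (not from the original post): dynamic product filter built so that
// user input reaches the database only as bound parameters.
// Assumptions: $pdo is a PDO connection; table `products` has columns
// categories, price, deleted; $input stands in for the $_POST array.

function buildProductQuery(array $input): array
{
    $sql    = "SELECT * FROM products WHERE deleted = 0";
    $params = [];   // placeholder => value, bound after prepare()

    // Category: a value placeholder, never string interpolation.
    if (isset($input['cat']) && $input['cat'] !== '') {
        $sql .= " AND categories = :cat_id";
        $params[':cat_id'] = $input['cat'];
    }

    // Price bounds: reject anything non-numeric before it is bound at all.
    foreach (['min_price' => '>=', 'max_price' => '<='] as $field => $op) {
        if (isset($input[$field]) && $input[$field] !== '') {
            if (!is_numeric($input[$field])) {
                throw new InvalidArgumentException("$field must be numeric");
            }
            $sql .= " AND price $op :$field";
            $params[":$field"] = $input[$field];
        }
    }

    // ORDER BY cannot be a bound parameter, so only fixed strings from an
    // allow-list are ever concatenated; an unknown value means no ordering.
    $order = ['low' => ' ORDER BY price ASC', 'high' => ' ORDER BY price DESC'];
    $sql .= $order[$input['price_sort'] ?? ''] ?? '';

    return [$sql, $params];
}

function runProductQuery(PDO $pdo, array $input): array
{
    [$sql, $params] = buildProductQuery($input);

    // prepare() turns the string into a PDOStatement; that object, not $sql,
    // is what has bindValue() and execute().
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        // bindValue, not bindParam: bindParam binds by reference, so binding the
        // loop variable would leave every placeholder pointing at the last value.
        $stmt->bindValue($name, $value, PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (constructed input standing in for $_POST in search.php):
// $pdo = new PDO('mysql:host=localhost;dbname=shop', 'user', 'pass', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
// ]);
// $rows = runProductQuery($pdo, [
//     'cat' => '3', 'min_price' => '10', 'max_price' => '50', 'price_sort' => 'high',
// ]);
```

Collecting the placeholders in an array while the SQL string is built, and binding them only after prepare(), is what removes the "execute() on a string" class of error: there is exactly one place where the string becomes a statement. With the values bound rather than interpolated, sanitize() is no longer what keeps the query safe; the allow-list for price_sort does the same job for the one clause a placeholder cannot cover.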
