Fatal error Uncaught exception: 'PDOException'
Message: 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''>=' '1000'' at line 3'
<select name="operator1" class="form-control mr-sm-2">
<option value="None">None</option>
<option value=">="> >= </option>
<option value="<="> <= </option>
</select>
$user = User::searchUserBuiltQuery($_POST);
var_dump($user);
public static function searchUserBuiltQuery($data)
{
$operator1 = $data['operator1'];
$amount = $data['amount'];
$operator2 = $data['operator2'];
$date = $data['registration_date'];
$sql = 'SELECT * from users
';
$db = static::getDB();
if($operator1 != "None"){
$sql .= "
WHERE userBalance :operator1 :amount";
}
if($operator2 != "None"){
$sql .= "
WHERE user_registration_date :operator2 :date";
}
if($operator1 != "None" && $operator2 != "None"){
$sql = "
WHERE userBalance :operator1 :amount
AND user_registration_date :operator2 :date";
}
$stmt = $db->prepare($sql);
if($operator1 != "None"){
$stmt->bindValue(':operator1', $operator1, PDO::PARAM_STR);
$stmt->bindValue(':amount', $amount, PDO::PARAM_STR);
}
if($operator2 != "None"){
$stmt->bindValue(':operator2', $operator2, PDO::PARAM_STR);
$stmt->bindValue(':date', $date, PDO::PARAM_STR);
}
if($operator1 != "None" && $operator2 != "None"){
$stmt->bindValue(':operator1', $operator1, PDO::PARAM_STR);
$stmt->bindValue(':amount', $amount, PDO::PARAM_STR);
$stmt->bindValue(':operator2', $operator2, PDO::PARAM_STR);
$stmt->bindValue(':date', $date, PDO::PARAM_STR);
}
$stmt->setFetchMode(PDO::FETCH_CLASS, get_called_class());
$stmt->execute();
return $stmt->fetchAll();
}
