I have this sql statement:
$sql = "SELECT c.creating_user FROM cdiscount_listing AS c WHERE c.created_at > :before_not_keyword AND c.created_at < :after_not_keyword";
$query = $db->query($sql);
$query->bindParam(":before_not_keyword", $date." 23:59:59", PDO::PARAM_STR);
$query->bindParam(":after_not_keyword", $date." 00:00:00", PDO::PARAM_STR);
$query->execute();
$listings = $query->fetchAll();
Which gives the standard SQLSTATE[42000]: Syntax error or access violation error. However, when I hardcode the param values into the query instead the error goes away. Is there a bug in PDO itself or have I missed something here?
Note that the dates are being created like this for consistency with legacy code.
The date format: 2015-07-01 00:00:00
If you use bindParam(), you must pass second parameter by reference, but you use string (not varaible), which can not be passed by reference.
So you can use bindValue() instead of bindParam().
Thanks!
In bindParam() the second parameter should be a reference ($variable), If you want to use second parameter as value you can do that using bindValues()
For eg using bindParam():-
$before_date = $date." 23:59:59";
$after_date = $date." 00:00:00";
$query->bindParam(":before_not_keyword", $before_date, PDO::PARAM_STR);
$query->bindParam(":after_not_keyword", $after_date, PDO::PARAM_STR);
For eg using bindValues():-
$query->bindValue(":before_not_keyword", $date." 23:59:59");
$query->bindValue(":after_not_keyword", $date." 00:00:00");
Find the difference between bindValue and bindParam() from here