SELECT query with PDO

SELECT query without parameters

Getting a single row
Selecting multiple rows

SELECT query with parameters

SELECT query with positional placeholders
SELECT query with named placeholders
Selecting multiple rows
Comments (19)

There are several ways to run a SELECT query using PDO, that differ mainly by the presence of parameters, type of parameters, and the result type. I will show examples for the every case so you can choose one that suits you best.

Just make sure you've got a properly configured PDO connection variable that needs in order to run SQL queries with PDO and to inform you of the possible errors.

SELECT query without parameters

If there are no variables going to be used in the query, we can use a conventional query() method instead of prepare and execute.

// select all users
$stmt = $pdo->query("SELECT * FROM users");

This will give us an $stmt object that can be used to fetch the actual rows.

Getting a single row

If a query is supposed to return just a single row, then you can just call fetch() method of the $stmt variable:

// getting the last registered user
$stmt = $pdo->query("SELECT * FROM users ORDER BY id DESC LIMIT 1");
$user = $stmt->fetch();

Note that in PHP you can "chain" method calls, calling a method of the returned object already, like:

$user = $pdo->query("SELECT * FROM users ORDER BY id DESC LIMIT 1")->fetch();

Selecting multiple rows

There are two ways to fetch multiple rows returned by a query. The most traditional way is to use the fetch() method within a while loop:

$stmt = $pdo->query("SELECT * FROM users");
while ($row = $stmt->fetch()) {
    echo $row['name']."<br />\n";
}

This method could be recommended if rows have to be processed one by one. For example, if such processing is the only action that needs to be taken, or if the data needs to be pre-processed somehow before use.

But the most preferred way to fetch multiple rows which would to be shown on a web-page is calling the great helper method called fetchAll(). It will put all the rows returned by a query into a PHP array, that later can be used to output the data using a template (which is considered much better than echoing the data right during the fetch process). So the code would be

$data = $pdo->query("SELECT * FROM users")->fetchAll();
// and somewhere later:
foreach ($data as $row) {
    echo $row['name']."<br />\n";
}

SELECT query with parameters

But most of time we have to use a variable or two in the query, and in such a case we should use a prepared statement (also called a parameterized query), first preparing a query with parameters (or placeholder marks) and then executing it, sending variables separately.

In PDO we can use both positional and named placeholders. For simple queries, personally I prefer positional placeholders, I find them less verbose, but it's entirely a matter of taste.

SELECT query with positional placeholders

// select a particular user by id
$stmt = $pdo->prepare("SELECT * FROM users WHERE id=?");
$stmt->execute([$id]); 
$user = $stmt->fetch();

SELECT query with named placeholders

// select a particular user by id
$stmt = $pdo->prepare("SELECT * FROM users WHERE id=:id");
$stmt->execute(['id' => $id]); 
$user = $stmt->fetch();

Selecting multiple rows

Fetching multiple rows from a prepared query would be identical to that from a query without parameters already shown:

$stmt = $pdo->prepare("SELECT * FROM users LIMIT ?, ?");
$stmt->execute([$limit, $offset]); 
while ($row = $stmt->fetch()) {
    echo $row['name']."<br />\n";
}

$stmt = $pdo->prepare("SELECT * FROM users LIMIT :limit, :offset");
$stmt->execute(['limit' => $limit, 'offset' => $offset]); 
$data = $stmt->fetchAll();
// and somewhere later:
foreach ($data as $row) {
    echo $row['name']."<br />\n";
}

Comments:

Victor Villacorte, 14.06.22 09:38

How do I add results from a query? array_sum won't work?

 $it = "SELECT * FROM l_items WHERE job_order_id=$jId";
 $query = $dbh->query($it);
 foreach ($query as $row)
 {
     array_sum($row['item_amount']);
 }

Reply:

You need to use prepared statements and ask your database to to the summing

$sql = "SELECT sum(item_amount) FROM l_items WHERE job_order_id=?";
$stmt = $dbh->prepare($sql);
$stmt->execute([$jI]);
$sum = $stmt->fetchColumn();

Adam, 30.05.22 04:08

I have 2 questions for you: (1) How can I find the autoincrement value of a primary key after the last INSERT (i.e. the value of the primary key index after an INSERT), and (2) How can I use a variable tablename in an INSERT. I've tried $tablename but it doesn't work

Reply:
Hello Adam!

To get the inserted Id you need PDO::lastInsertId(). See https://phpdelusions.net/pdo#affected

You cannot prepare a table name. So you have to put it directly in the query. You have to validate it first: https://phpdelusions.net/pdo_examples/order_by
Damian, 18.11.21 12:24
This not working, no replacing vars limit and offset in query when execute:
```
$stmt = $pdo->prepare("SELECT * FROM users LIMIT :limit, :offset");
$stmt->execute(['limit' => $limit, 'offset' => $offset]);
```
Reply:
Hello Damian

In order to make it work, you need to turn the emulation off, as explained here https://phpdelusions.net/pdo#limit
David Bell, 15.11.21 10:13

Your tutorial on SELECT query with multiple parameters was very useful to me.

Would you please share a tutorial on Pdo multiple parameters pagination?

Many thanks in advance
Vimal K Chawla, 17.08.21 16:00

Can you please do a write up on how to generate PHP code for a *.wsdl file that uses the WS-Security for authentication? There are many simple examples on consuming a web service in php usng a wsdl file but none of them involves security. Thank you.

Ezeribe Adolf, 05.07.21 14:45

Dear Sir, Thank you very much for the great help and your precious time. Indeed, I implemented the recommendation fully, as below:

$pg_sql = "SELECT COUNT(*)
    FROM search
    WHERE MATCH(pg_desc) AGAINST(:keywords IN NATURAL LANGUAGE MODE WITH QUERY EXPANSION)";                 
$size_stmt = $pdo->prepare($pg_sql);
$size_stmt->bindParam(':keywords', $keywords, PDO::PARAM_STR);
$size_stmt->execute();
$Q1rowcount = $size_stmt->fetchColumn();
echo "Q1rows: [$keywords] {$Q1rowcount} row(s) found. <br><br>";            
exit('End of Q1 Query ');

The result?: You searched for: PHP Delusions Q1rows: [PHP Delusions] 0 row(s) found. Actually, the reason I used so many conditions in my prior code was to help me trap the source of the problem. Above code works perfectly in PHPMyAdmin. Please, give it another thought, maybe PHP, PDO settings, etc. relative to the Match()Against() construct.

Ezeribe Adolf, 04.07.21 23:55

Dear Sir, Please help me with this code! It is killing me! In my PHP, the $keywords variable comes in via my search field. It is wrapped in single ' '. I get 1 row. No wrapping, I get 1 row! I ran the code in MySql console successfully & got the 56 rows I expected from my db. Tried ? and :keywords Placeholders, I get 1 row! Did direct binding with both bindParam() and bindValue(), as PARAM_ STR & PARAM_INT respectively, same result, 1 row! Passed $keywords variable as array to execute() method, the same result! What now should I do to survive this, please, help. Also, the pg_desc field is indexed for fulltext search.

        $pg_sql = "SELECT COUNT(*)
        FROM search
        WHERE MATCH(`pg_desc`) AGAINST(':keywords' IN NATURAL LANGUAGE MODE WITH QUERY EXPANSION)";

        //! Prepare the Query
        if ( $pdo )
        {
            $size_stmt = $pdo->prepare($pg_sql);
        } 
        else 
        {
            exit("Sorry, We could not connect to the database! Please try again.");
        }           
        var_dump($size_stmt);

        $keywords = "'" . $keywords . "'";
        echo 'Keywords: '. $keywords. '<br>';

        if ($size_stmt) 
        {
            $size_stmt->bindParam(':keywords', $keywords, PDO::PARAM_STR);

            $size_stmt->execute();

            $Q1rowcount = $size_stmt->rowCount();

            echo 'Q1rows: '. $Q1rowcount . ' row(s) found.' . PHP_EOL;        
        } 
        else 
        {
            exit ('Query Q1 binding failed! Please try again');
        }

Reply:

Hello Ezeribe Adolf!

This issue is very simple. And it is actually a very common mistake. when you run a count(*) query, a database already counts the rectods for you, and therefore you shouldn't call the rowCount() method. Instead, you need to fetch the result.

And speaking of quotes, there should be NONE of them. I removed all the quotes from your code, as well as all the useless conditions:

$pg_sql = "SELECT COUNT(*) FROM search
WHERE MATCH(`pg_desc`) AGAINST(:keywords IN NATURAL LANGUAGE MODE WITH QUERY EXPANSION)";
$size_stmt = $pdo->prepare($pg_sql);

$size_stmt->bindParam(':keywords', $keywords, PDO::PARAM_STR);
$size_stmt->execute();
$Q1rowcount = $size_stmt->fetchColumn();
echo "Keywords: [$keywords] $Q1rowcount row(s) found.".PHP_EOL;

jwigs, 01.04.21 00:07

Thanks for the excellent site and tutorials, hugely useful resource. I think there maybe a typo on the 2nd to last code snippet above, shouldn't it be $pdo->prepare in both cases rather than $pdo->query given you are passing parameters?

Reply:
Thank you!

You are absolutely correct, it must be prepare indeed! Fixed.
Jude, 26.02.21 05:48
Thanks for the amazing tutorial. So, I'm having an issue. I trying to fetch posts from a WordPress database table "wp_posts", output the rows as json to be printed through Javascript (I'm using ajax to connect to the api). My code:
```
$data = array();
$posts = $db_con->query("SELECT * FROM wp_posts 
WHERE post_type='post' ORDER BY post_date DESC")->fetchAll();
foreach ( $posts as $post ){
    array_push($data, $post);
}
$out['data'] = $data;
```
Even when I use "while" with the same "array_push($data, $posts)". I get nothing when I check for the response from the api request but if I "$out['data'] = var_dump($data) or var_export($data)", I get everything in the response. I don't know what I'm doing wrong.
Reply:
I am not sure but this is what you probably need
```
$posts = $db_con->query("SELECT * FROM wp_posts 
WHERE post_type='post' ORDER BY post_date DESC")->fetchAll();
$out['data'] = $posts;
echo json_encode($out);
```
in case it's still nothing check the connection encoding ash shown in the connection example.
Dalton, 16.08.20 23:02
I am trying to select files with owner='xHswu' and format='mkv'. Here's my $sql:
```
$sql = "SELECT * FROM files WHERE owner=? AND format=?";
$sql = "SELECT * FROM files WHERE owner=? format=?";
$stmt = $pdo->prepare($sql);
....
```
I don't see in any of your examples in which the WHERE clause contains more than one field to check against. Or maybe I am doing something wrong there's is better way to achieve what I am trying to do. -Newbie
Reply:
Hello Dalton!

this is more an SQL related question because PDO only handles placeholders while the rest is just regular SQL. And yes, in SQL you need to use the AND keyword to make your query meed both criteria.

So just remove the second query and everything should work.
GioMBG, 21.11.19 13:34
I Staff, it is possible something like :
```
SELECT id FROM TABLE_NAME = :TABLE_NAME WHERE id = :id
```
as filter the TABLE_NAME ? always thanks
Reply:
Hello!

Nope it is not possible.
You must filter the table name manually.

I describe this approach here and here.

Riya Basak, 16.11.19 11:33

I'm trying to display a message when the query get no result from database. But it displaying error. This is my code:

<?php 
include "../../connection.php";
$pname = $_POST['pname'];
$stmt = $pdo->query("SELECT * FROM dlp_registration where registration_no=$pname");
$res = $stmt->fetch();
if($stmt->rowCount() == 0)
{
echo "<style>
.bg{background-image:none;}
     </style><font size='+2' color='red'>No Certificate found for this Registration No.</font>";
} else {
while($rows=$res->fetch(PDO::FETCH_BOTH)) {
?><br>
    <h4 class="candidate_name"><b><?php echo $rows['candidate_name'];?></b></h4>
    <p class="course_code"><?php echo $rows['course_code']; ?>/<?php echo $rows['registration_no']; ?></p>
    <p class="atc"><?php echo $rows['atc']; ?></p>
    <p class="date">30-10-2019</p>
<?php
    }
}
$con=NULL;
?>?>

Buddhaz, 13.08.19 12:17

I want to break a text into individual words and search every word that matches in the table. They do not need to be in order.

The execute array doesn't seem to work. Kindly help or any solution is much appreciated.

// Break text into individual word for searching
$varText = explode(" ", $text);
$textArray = array();

foreach($varText as $word){
$word = trim($word);
if(!empty($word)){
        $textArray[] = "(product_name LIKE :word)";
    }
}

if (count($varText) > 1) {
$implode = implode(' AND ', $textArray);
} else {
    $implode = implode('', $textArray);
}

$sql = $conn->prepare("SELECT * FROM products WHERE (".$implode.")");
$sql->execute(array(":word"=>"%$word%"));

pink, 09.08.19 03:02
If we do this query, will it work slowly?
```
public function GetMotherWhereCourse($id)
{
```
// $sql = ('SELECT FROM mother WHERE id = :id'); $stmt = $this->connect()->prepare('SELECT FROM mother WHERE id = :id'); $stmt->execute(['id' => $id]); while ($result = $stmt->fetch()){ $show[] = $result; return $show; } return $stmt; }

Please!! answer me!
Reply:
Hello Pink!

Nope, it will run fast.

The code is not optimal though. It should be just
```
    $stmt = $this->connect()->prepare('SELECT * FROM mother WHERE id = :id');
    $stmt->execute(['id' => $id]);
    return $stmt->fetch();
```

Ezeribe Adolf, 06.06.19 20:00

Thanks for this fantastic tutorial. It is highly appreciated. While working with it, I ran into this challenge: PDOException: SQLSTATE[HY093]: Invalid parameter number in C:\new\private\search.php on line 68. Here is the code, most of it, please. Kindly help me with what I am doing wrong, please.

$sql = "SELECT pg_id, pg_name, pg_url, pg_content, description FROM pages WHERE pg_content LIKE :keyword OR description LIKE :keyword ORDER BY pg_id DESC  ";

$searchq = $_GET['search']['keyword'];

 $start = ($pagenum - 1) * ROW_PER_PAGE;
$pagenum
ROW_PER_PAGE;
$limit = "LIMIT " . $start . "," . ROW_PER_PAGE;

worth of rows by applying $limit

//* Display Query here
$searchq = "%$searchq%";
$sqlDisplay = $sql . $limit;
$stmt = $conn->prepare($sqlDisplay);
$stmt->bindValue(":keyword", $searchq, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll();

Reply:

Hello Ezeribe Adolf!

Just create a separate placeholder for each keyword, and bind the same variable multiple times for them

$sql = "... WHERE pg_content LIKE :keyword1 OR description LIKE :keyword2 ...";
$stmt = $conn->prepare($sql);
$stmt->bindValue(":keyword1", $searchq, PDO::PARAM_STR);
$stmt->bindValue(":keyword2", $searchq, PDO::PARAM_STR);

and it would work

Philosopher, 20.05.19 23:15

Great help, Execellent and thnaks a lot.
Gert Koetsier, 18.05.19 16:57
Hello, the following code seems to be OK, but displaying the array with foreach won't work!
```
$stmt = $pdo->prepare("SELECT * FROM bezorgwijkpcob WHERE lidnr=:lidnr");
$stmt->execute(['lidnr' => $lidnr]); 
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
```
This yielded an ASSOC ARRAY $results.

It strikes me that it is an array within an array.

Anyway:
```
foreach ($results as $item=>$value) {
    echo $item."   -   ".$value;
}
```
does not work, it does not display anything at all, although the (inner) array contains the desired filednamens (items) and values from the database as you can see. What do I wrong? Hope you have a solution
Reply:
Hello Gert.

Yes, fetchAll() returns you an array of arrays, it's the exact purpose of this function.

When you iterate over its results, you get another array which represents a row from the database. And what we are doing with arrays? Using foreach. So you have to add another foreach inside the first one.

Or you can echo distinct elements without foreach, as shown in the article above:
```
foreach ($results as $item=>$value) {
    echo $value['Email'];
    echo $value['Hnr'];
}
```
nothappening, 13.05.19 04:00

I hate to be an ass but your code nor anybody I have found code from works that includes php themsleves I think You need to give a proper tutorial not a piece meal of not working code again I know this may anger You but what angers me is when i go to find code and I get half the code and it does not work.

Not a single one of your examples work for selecting anything like you explain I can assure that as I know i'm trying it. for the past week

James Miller, 12.03.19 05:30

I wish to change to PDO for inline table edit. I want to use your update query method, but have not been able to transpose it yet. Any help would be great.

    //include connection file 
include_once("pdo.php");  //I use your universal pdo connection. 

//define index of column (this data is sent via AJAX to the process.php page and sent back to the index.php page to update the table data as an asynchronous live edit. 
$columns = array(
    0 =>'employee_name', 
    1 => 'employee_salary',
    2 => 'employee_age'
);
$error = false;
$colVal = '';
$colIndex = $rowId = 0;
$msg = array('status' => !$error, 'msg' => 'Failed! updation in mysql');
if(isset($_POST)){
    if(isset($_POST['val']) && !empty($_POST['val']) && !$error) {
  $colVal = $_POST['val'];
  $error = false;
  } else {
  $error = true;
  }
  if(isset($_POST['index']) && $_POST['index'] >= 0 &&  !$error) {
  $colIndex = $_POST['index'];
  $error = false;
  } else {
  $error = true;
  }
  if(isset($_POST['id']) && $_POST['id'] > 0 && !$error) {
  $rowId = $_POST['id'];
  $error = false;
  } else {
  $error = true;
  }
if(!$error) {
        $sql = "UPDATE employee SET ".$columns[$colIndex]." = '".$colVal."' WHERE id='".$rowId."'";  //highly prone to sql injection..need pdo???
        $status = mysqli_query($conn, $sql) or die("database error:". mysqli_error($conn));
        $msg = array('error' => $error, 'msg' => 'Success! updation in mysql');
} else {
    $msg = array('error' => $error, 'msg' => 'Failed! updation in mysql');
}
}

Reply:

Hello James!

That's a very good question.

Given you are updating just a single field, it would be easy to rewrite it to PDO

$sql = "UPDATE employee SET ".$columns[$colIndex]." = ? WHERE id=?";
$pdo->prepare($sql)->execute([$colVal,$rowId]);
$msg = array('error' => $error, 'msg' => 'Success! update in mysql');

Note that $columns[$colIndex]'s value is hardcoded in your script and that's the very right thing you are supposed to do, this part is already safe!

27.04.24 06:36
ddao for Mysqli SELECT query with prepared statements:
pFuI
read more

27.04.24 06:35
ddao for Mysqli SELECT query with prepared statements:
pFuI
read more

27.04.24 06:34
ddao for Mysqli SELECT query with prepared statements:
pFuI
read more

02.04.24 23:57
Pablo for How to call stored procedures with mysqli:
Muchas gracias por el aporte, esta instruccion es la que me faltaba ($mysqli->next_results(); no...
read more

27.03.24 11:10
Grespin for How to run a SELECT query using Mysqli:
Its not working and im going insane
read more