PHP PDO SELECT Syntax

I have the following script that does two things:
1. Querys the DB for a list of all of the employees in the Employee Table:
2. Querys a second table with the employee_id to see if they are schedules to work:

When I run the script I get the following error:

ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':start_date AND :end_date' at line 1

My Code:
	try {
    	$pdo = new PDO("mysql:host=localhost;BLAH BLAH BLAH");
    	$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

		if (!empty($_POST)):
	
	//Get the date info. If your database stores DATE then you need to make sure the format is correct.
			if (isset($_POST['start_date'])) {
			$start_date = $_POST['start_date'];
			} else {
				echo "Please Enter A Start Date:"; 
			}
			
			if (isset($_POST['end_date'])) {
			$end_date = $_POST['end_date'];
			} else {
				echo "Please Enter An End Date:"; 
			}
	
			$check = $pdo->query("SELECT * FROM employees");
	
	  		foreach($check as $row) {
        		echo $row['employee_id'].'<br />';
				$eid = $row['employee_id'];
			
			$check_sch = $pdo->query("SELECT * FROM schedule WHERE start_date AND end_date BETWEEN :start_date AND :end_date");
			$result = $check_sch->fetchAll();
 
		# If one or more rows were returned...
			if ( count($result) ) {
   				foreach($result as $row) {
        		print_r($row);
    			}
			} else {
    			echo "No rows returned.";
			}
    			

			}

		endif;  //  END IF
	
 	} catch(PDOException $e) {
    	echo 'ERROR: ' . $e->getMessage();
	}

?>
		<form id="schedule_date" name="schedule_date" action="add_schedule.php" method="POST" />
		
		<table>
		<tr><td width="125"><h2>BOOKING DATES::</h2><td></tr>
		<tr>
			<td align="left">Start Date:</td>
			<td align="left">
				<input type="text" name="start_date" size="45" maxlength="45" class="datepicker" value="<?php if(isset($_POST['start_date'])) echo $_POST['start_date']; ?>"  />
			</td>
		</tr>
		<tr>
			<td align="left">End Date:</td>
			<td align="left">
				<input type="text" name="end_date" size="45" maxlength="" class="datepicker" value="<?php if(isset($_POST['end_date'])) echo $_POST['end_date']; ?>"  />
			</t
		</tr>		
	</table>
		
	<div class="submit-cont">
		<input type="image" src="img/buttons/submit.png" name="submit" value="Submit" />
		<input type="hidden" name="submitted" value="TRUE" />
	</div>
</form>

Open in new window

Also, my two warnings for the empty $start_date and $end_date don't work.
Can you offer me a little insight?
LVL 8
rgranlundAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
0
zappafan2k2Commented:
WHERE start_date AND end_date BETWEEN :start_date AND :end_date

Open in new window

That's where your syntax error lies.  You can't compare two fields against one BETWEEN condition.

What values are you really looking for?  You might be able to get away with
WHERE start_date >= :start_date AND end_date <= :end_date

Open in new window

But I believe the equivalent of what you're trying to do above is
WHERE start_date BETWEEN :start_date AND :end_date 
    AND end_date BETWEEN :start_date AND :end_date

Open in new window

0
Ray PaseurCommented:
@zappafan2k2: Yes, and there's that, too!
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

rgranlundAuthor Commented:
@ALL
when I do this:
$check_sch = $pdo->query("SELECT * FROM schedule WHERE (start_date >= '$start_date' AND end_date <= '$end_date')");
			$result = $check_sch->fetchAll();

Open in new window


It works.  BUT What I was reading said No Single Quotes and use:.  So why does this work and is it ok?
0
Ray PaseurCommented:
It works because MySQL is forgiving and a little stupid.  IMO it's not OK to use PDO that way, and you're still subject to SQL injection if you do.  See the part about PDO - Prepare a Query here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
0
rgranlundAuthor Commented:
One of the things it does not show is if you have two variables.  How do you bind them?
is it as simple as the following???
$pdos->bindParam(':start_date', $start_date, PDO::PARAM_STR);
$pdos->bindParam(':end_date', $end_date, PDO::PARAM_STR);

Open in new window

0
Ray PaseurCommented:
If you read the entire article for understanding you should come away with examples that illustrate parameter binding.  The examples are in there!
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
0
Chris StanyonWebDevCommented:
@rgranlund. You're on the right track. You bind parameters to a prepated SQL statement, execute it and then grab the results. In short, something like this:

//prepare the query with named placeholders
$stmt = $pdo->prepare("SELECT * FROM schedule WHERE (start_date >= :startdate AND end_date <= :enddate)");

//bind the variables to the named placeholders
$stmt->bindParam(':startdate', $start_date, PDO::PARAM_STR);
$stmt->bindParam(':enddate', $end_date, PDO::PARAM_STR);

//execute the query
$stmt->execute();

//fetch the query results into an array
$results = $stmt->fetchAll();

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.