I’m trying to rewrite the following as a prepared statement but I’m getting my proverbials in a twist.
$query = 'SELECT * FROM table WHERE room="'.$room.'" ORDER BY name;';
$result = $db->query($query);
foreach ( $result as $row ) {
echo '<p>', $row['name'], ' ', $row['comment'], '</p>', "\n";
}
I’ve got as far as
$query = 'SELECT * FROM table WHERE room=:room ORDER BY name;';
$stmt = $db->prepare($query);
$stmt->bindParam(':room', $room);
$result = $stmt->execute();
foreach ( $result as $row ) {
echo '<p>', $row['name'], ' ', $row['comment'], '</p>', "\n";
}
but I get Invalid argument supplied for foreach(). Can some kind soul tell me where I’m going wrong? I’m happily using prepared statements for DELETEs and INSERTs.