SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Script php PDO with myslq

    Hi, i'm new here and i'm trying to complete this script. It's something "simple"...newsletter subscribing.
    So i've a database and i was using mysql with php and i was having a injection problem, than i read that mysql is obsolute, so i tried PDO connection.

    I want to know if this script is correct, if i've some newbie errors or if i can rock on with this one.

    PHP Code:
    <?php
    $db 
    = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8''username''password');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARESfalse);

    try {
        
    //connect as appropriate as above
        
    $db->query('hi'); //invalid query!
    } catch(PDOException $ex) {
        echo 
    "An Error occured!"//user friendly message
        
    some_logging_function($ex->getMessage());
    }

    if (isset(
    $_POST['nome']) && isset($_POST['email'])){
            if(
    mysql_query("INSERT INTO email_list (nome, email) VALUES ('".$_POST['nome']."', '".$_POST['email']."')")) 
        {
            echo 
    "O seu email foi adicionado! Obrigada. Your email has been added to our list! Thank You.";
        }else {
            echo 
    "Houve um erro ao adicionar o seu email. Por favor tente novamente. There was an error adding your email to our list. Please try again.";
        }
    }
    else {
        echo 
    "Input all required field";
    }
        
    ?>
    Last edited by cpradio; Apr 11, 2013 at 10:14. Reason: Added php tags

  2. #2
    SitePoint Member
    Join Date
    Dec 2012
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First of all, does your code work at all? Second, why not use prepared statements that pdo provides. I think even pdo filters data I like to sanitize them before I process 'em.

  3. #3
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,079
    Mentioned
    53 Post(s)
    Tagged
    0 Thread(s)
    You just executed mysql_query after making a PDO connection? mysql_query is not part of the pdo family, its deprecated.

    Actually after googling to find you a biginners place, I see your following this: http://wiki.hashphp.org/PDO_Tutorial...SQL_Developers

    You want to use this to query: $db->query('select foo from bar')->fetchAll(); But thats only the beginning of what you need to start understanding. Start reading some of the different objects here: http://www.php.net/manual/en/book.pdo.php

  4. #4
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First of all thank you for the reply =)

    ok...so this part is ok right?

    PHP Code:
     <?php
    $db 
    = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8''username''password');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARESfalse);

    try {
        
    //connect as appropriate as above
        
    $db->query('hi'); //invalid query!
    } catch(PDOException $ex) {
        echo 
    "An Error occured!"//user friendly message
        
    some_logging_function($ex->getMessage());
    }
    ....and the rest i need to work better.
    I read a lot of things and the connection + the error part it's fine i guess, i just take the steps they spoke too.
    What do you think?

  5. #5
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    People i need help...probably i didn't explain well!

    So i have this script
    PHP Code:
    <?php

    $con 
    mysql_connect("HOST_NAME","USERNAME","PASSWORD") or die('Could not connect: ' mysql_error());

    mysql_select_db("DATABASE_NAME"$con);

    if(
    mysql_query("INSERT INTO email_list (fullname, email) VALUES ('".$_POST['fullname']."', '".$_POST['email']."')")) {

    echo 
    "Your email has been added to our list!";

    } else {

    echo 
    "There was an error adding your email to our list. Please try again.";

    }

    mysql_close($con);

    ?>
    Than i tried to put in PDO but i can't...i put every code that i tried in this post.
    The Last was that:

    PHP Code:
    <?php
    $db 
    = new PDO('mysql:host=localhost;dbname=XXX;charset=utf8''XXX''XX');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARESfalse);

    try {
        
    //connect as appropriate as above
        
    $db->query('hi'); //invalid query!
    } catch(PDOException $ex) {
        echo 
    "An Error occured!"//user friendly message
    }

    $stmt $pdo->query("INSERT INTO `email_list` (nome, email) VALUES (:nome, :email)");
    $stmt->execute
            
    ?>
    and i received this error "ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hi' at line 1"

    I can't understand why, someone can help me?

  6. #6
    SitePoint Member
    Join Date
    Dec 2012
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php 
    try { 

    $db = new PDO('mysql:host=localhost;dbname=XXX;charset=utf8''XXX''XX'); 
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); 
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARESfalse); 

        
    //connect as appropriate as above 
        
    $db->query("hi"); //invalid query! 
    $db null;
    } catch(
    PDOException $e) { 
         echo 
    'ERROR: ' $e->getMessage(); } 

    $stmt $pdo->query("INSERT INTO `email_list` (nome, email) VALUES (:nome, :email)"); 
    $stmt->bindParam(':nome'$name); 
    $stmt->bindParam(':email'$email); 
    $stmt->execute();
             
    ?>

  7. #7
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey, i've tried that code but i've the same error.

    ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hi' at line 1
    Fatal error: Call to a member function query() on a non-object in /home/xxx/xxx/xxx on line 14


    I can't find the answer anywhere. I google a lot for this subject but i can't find an answer.
    I just want that my clients can subscribe to my newsletter, they put their name and email than they submit and after that i can see their information in mysql.

    What i'm doing wrong?!

  8. #8
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    extension=php_pdo_mysql.dll
    Have a look through your phi.ini file for the above line, if there is a ; at the start of the line, remove the ; from the start of the line, save and then restart the server
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  9. #9
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I spoke with my host company and they said that the extension=php_pdo_mysql.dll is enable. But i received the same error....

    If you had the code

    PHP Code:
    <?php 

    $con 
    mysql_connect("HOST_NAME","USERNAME","PASSWORD") or die('Could not connect: ' mysql_error()); 

    mysql_select_db("DATABASE_NAME"$con); 

    if(
    mysql_query("INSERT INTO email_list (fullname, email) VALUES ('".$_POST['fullname']."', '".$_POST['email']."')")) { 

    echo 
    "Your email has been added to our list!"

    } else { 

    echo 
    "There was an error adding your email to our list. Please try again."



    mysql_close($con); 

    ?>

    How do you put if PHP PDO? It isn't the way i'm doing?

  10. #10
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    70
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    The error you were getting was because you were calling $pdo->query() but $pdo doesn't exist. The pdo instance was assigned $db. Try the following.

    PHP Code:
    <?php

    $db 
    = new PDO('mysql:host=localhost;dbname=XXX;charset=utf8''XXX''XX');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARESfalse);

    try {
        
    // insert values into database
        
    $stmt $db->query("INSERT INTO `email_list` (nome, email) VALUES (:nome, :email)");
        
    $stmt->bindValue(':nome''first last');
        
    $stmt->bindValue(':email''person@example.com');
        
    $stmt->execute();

        
    // query successful
        
    echo 'Your email has been added to our list!';
    } catch(
    PDOException $ex) {
        echo 
    'There was an error adding your email to our list. Please try again.'//user friendly message
    }

    ?>

  11. #11
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    THANK YOU!!!!! I was thinking right but in the wrong path...

    Now i just need to see/learn how to avoid duplicate.

    This script was killing my mind =P


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •