Jump to content

Recommended Posts

The PDO quote() function is returning an error for me, lost as to why.

 

Fatal error: Call to a member function quote() on a non-object

else{
$register_name ="$register_fname $register_lname";
$register_birthday ="$register_year - $register_month - $register_day";
$register_date=date('Y-m-d H:i:s');

SafePDOCOE(db_name);

		$quoted_account_type = $DB->quote($register_account_type);
		$quoted_email = $DB->quote($register_email);
		$quoted_fname = $DB->quote($register_fname);
		$quoted_lname = $DB->quote($register_lname);
		$quoted_name = $DB->quote($register_name);
		$encoded_password = kam3($register_password);
		$quoted_gender = $DB->quote($register_gender);
		$quoted_birthday = $DB->quote($register_birthday);
		$quoted_membership_type = $DB->quote($register_membership_type);

	try{
			$DB->beginTransaction();
			$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)
			VALUES ($quoted_email, $encoded_password, '1', $quoted_name, $quoted_membership_type, $register_date)");
			$userid = $DB->lastInsertId();
			$DB->query("INSERT INTO user_profile (user_id, birthday, gender, first_name, last_name) 
			VALUES ($userid, $quoted_birthday, $quoted_gender, $quoted_fname, $quoted_lname)");
			$DB->commit();
	echo "Data Entered.";
	}
	catch(PDOException $e){
	$DB->rollBack();
	echo "Query Error: ". $e->getMessage();
	}
}

 

All the variables I'm quoting are coming from a form.

 

 

Here's the function:

 

function SafePDOCOE($dbname){
$DBconnect = new SafePDO_errordisplay("mysql:host=localhost;dbname=$dbname", "user", "pass");
return $DBconnect;
}

 

Should I be using $DBconnect instead of $DB? $DB is used in the SafePDO class. (EDIT: Tried changing the variable in the function to $DB, not the issue. Still have the same problem.)

Link to comment
https://forums.phpfreaks.com/topic/263526-php-pdo-quote-returning-error/
Share on other sites

Remind me again why you're using the quote function with PDO?

 

Because you need to escape incoming user submitted data when not using prepared statements. I have no reason to use prepared statements; as I'm not iterating through anything that would cause the need for duplicate queries (the point of prepared statements). Not to mention prepared statements are approximately 2 to 3 times slower than quoted/regular queries via PDO (when running single queries, multiple queries are faster). Honestly, in this specific situation, if it weren't for the transaction features of PDO, I'd actually use MySQLi.

MySQLi supports transactions as well.

I know, but it actually requires dealing directly with MySQL to control the transactions (as far as I know), PDO has them on the PHP side of things. Easier to use in my opinion. I know there's commit and rollback controls, but how do you start a transaction? Is it simply just running the first query?

 

However, the error you are getting implies that $DB is not a PDO object.

 

Alright; well here's the class/functions I'm using.

 

class SafePDO extends PDO {

        public static function exception_handler($exception) {
            // Output the exception details
            die('Uncaught exception: '. $exception->getMessage());
        }

        public function __construct($dsn, $username='', $password='', $driver_options=array()) {

            // Temporarily change the PHP exception handler while we . . .
            set_exception_handler(array(__CLASS__, 'exception_handler'));

            // . . . create a PDO object
            parent::__construct($dsn, $username, $password, $driver_options);

            // Change the exception handler back to whatever it was before
            restore_exception_handler();
        }

}

class SafePDO_errordisplay extends SafePDO {

public function connect_db($dsn, $username='', $password='', $driver_options=array()){

	parent::__construct($dsn, $username, $password, $driver_options);
		try {
		$DB = new SafePDO($dsn, $user, $password, $driver_options);
		}
		catch (PDOException $e) {
		echo 'Connection failed: ' . $e->getMessage();
		}
}
}
// Connect to the database
function SafePDOPersist($dbname){
$DB = new SafePDO_errordisplay("mysql:host=localhost;dbname=$dbname", "user", "pass", array(PDO::ATTR_PERSISTENT => true));
return $DB;
}

function SafePDOCOE($dbname){
$DB = new SafePDO_errordisplay("mysql:host=localhost;dbname=$dbname", "user", "pass");
return $DB;
}

 

Then on my page, it's called simply as:

 

SafePDOCOE(db_name);

 

Where do you ever define $DB?

 

And SafePDOCOE(db_name);

 

Shouldn't that be written as $DB = SafePDOCOE(db_name);, I mean it returns something, right?

 

100% right. Literally just caught that 5 seconds before you posted.

 

 

Now it did submited some of the data to the database, but it only did so with the second query. It didn't insert the birthday, and also missed the user_id (but that of course because the first query wasn't run). Shouldn't the rollback control have fired seeing as how nothing was submitted to the first query?

 


$register_name ="$register_fname $register_lname";
$register_birthday ="$register_year - $register_month - $register_day";
$register_date=date('Y-m-d H:i:s');

$DB = SafePDOCOE('zyquo_emotico');

		$quoted_account_type = $DB->quote($register_account_type);
		$quoted_email = $DB->quote($register_email);
		$quoted_fname = $DB->quote($register_fname);
		$quoted_lname = $DB->quote($register_lname);
		$quoted_name = $DB->quote($register_name);
		$encoded_password = kam3($register_password);
		$quoted_gender = $DB->quote($register_gender);
		$quoted_birthday = $DB->quote($register_birthday);
		$quoted_membership_type = $DB->quote($register_membership_type);

	try{
			$DB->beginTransaction();
			$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)
			VALUES ($quoted_email, $encoded_password, '1', $quoted_name, $quoted_membership_type, $register_date)");
			$userid = $DB->lastInsertId();
			$DB->query("INSERT INTO user_profile (user_id, birthday, gender, first_name, last_name) 
			VALUES ($userid, $quoted_birthday, $quoted_gender, $quoted_fname, $quoted_lname)");
			$DB->commit();
	echo "Data Entered.";
	}
	catch(PDOException $e){
	$DB->rollBack();
	echo "Query Error: ". $e->getMessage();
	}

Yeah that was pretty obvious mate ;)

 

You need quotes around your variables. Non-qoutes only work with numbers:

 

$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)

VALUES ('$quoted_email', '$encoded_password', '1', '$quoted_name', '$quoted_membership_type', '$register_date')");

Yeah that was pretty obvious mate ;)

 

You need quotes around your variables. Non-qoutes only work with numbers:

 

$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)

VALUES ('$quoted_email', '$encoded_password', '1', '$quoted_name', '$quoted_membership_type', '$register_date')");

 

Shouldn't PDO::quote be adding the quotes?

Yeah that was pretty obvious mate ;)

 

You need quotes around your variables. Non-qoutes only work with numbers:

 

$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)

VALUES ('$quoted_email', '$encoded_password', '1', '$quoted_name', '$quoted_membership_type', '$register_date')");

 

Shouldn't PDO::quote be adding the quotes?

It only escapes any existing quotes, doesn't add them =)

Query Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '10:22:47)' at line 2

 

 

Looks like it's the join_date time. It's wrapped in parenthesis, and I'm not quoting that. So that could be the entire issue.

 

EDIT: That would indeed have been it. Now working. Thanks for the help.

Yeah that was pretty obvious mate ;)

 

You need quotes around your variables. Non-qoutes only work with numbers:

 

$DB->query("INSERT INTO user (email_address, password, user_level, name, membership_type, join_date)

VALUES ('$quoted_email', '$encoded_password', '1', '$quoted_name', '$quoted_membership_type', '$register_date')");

 

Shouldn't PDO::quote be adding the quotes?

It only escapes any existing quotes, doesn't add them =)

 

From the manual:

PDO::quote() places quotes around the input string (if required) and escapes special characters within the input string, using a quoting style appropriate to the underlying driver.

 

Also I just tested it and it does in fact add the quotes, at least for MySQL.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.