
PHP Version 5.4.45


Paul-D


Should have gone to Specsavers. I have never used $pdo. I have checked. Posted first code 18 hours ago. No $pdo. I obtained help from another website now. Works fine. I won't be making a donation.

Edited by Paul-D
Link to comment

$Result = Contracts($conn);
$MyRow = $Result->fetch();
echo "Value = " . $MyRow['Venue'];

function Contracts($conn)
{    
    $qList = $conn->query("SELECT * FROM EC_event WHERE ID = 2");
    return $qList;
}
?>

Yet, you declare the function after it is called (!).

$pdo, as implemented and mentioned by Barand, is just the name of the parameter (local scope) in his example. He obviously means pass the appropriate $conn data to the function where the segregated database code resides.

Which reminds me, i do not see a need to use a function at all. Functions should only be used for mathematics, algorithms and subroutines (but php devs stupidly ignore subroutines as a built-in programmatic validity subroutine() {}. cube a number in a function is good. echo the string from my class file is horrible, use echo.)

I propose that you remove the unnecessary function. I see no parameters that are used to dynamically change the query for different needs or requirements (subroutine like usage).

I do not think that the php version number is a problem here. It seems like functions, function parameters and the proper usage of functions is a problem. Please stop trying to blame Barand for your problems. He is trying to help you.

Edited by jodunno
forgot to use code tags, sorry
Link to comment

the OP is attempting to learn, develop, and debug code/query(ies) on a live/public server. either the last posted code wasn't successfully getting uploaded to the server or a lot of cheap web hosting set disk caching (time) to a high value to get as many accounts onto one server as possible and it was taking some time for the changes to take effect.

you should be learning, developing, and debugging your code/query(ies) on a localhost development system and only putting your code onto a live/public server when it is mostly completed.

Link to comment

yes but Barand can't read. He used my first attempt and kept to it. He insists that I used $pdo in my code which I did not. He said that he would close my thread down. He clearly was giving me a bloody nose. I don't have the ability to do local host. and the errors I was getting said that $conn was not declared when it was. Lucky for me, I got a more friendly helpful forum.

 

Don't bother replying to this as it is closed down now and I won't see the nasty posts.

 

Link to comment

5 minutes ago, Paul-D said:

Don't bother replying to this as it is closed down now and I won't see the nasty posts

what are you talking about? no one here is being nasty or has been nasty to you. I think that you are overreacting. I read parts of this thread and i saw a suggestion by Barand to add a parameter to your function named pdo and that you have failed to pass the connection to the function which requires it. How does pointing it out to you equate to a 'bloody nose'?

well, I am not a professional programmer (hobby for me) and i am not secretly pals with anyone here. However, you are wrong about finding a better forum. This forum has some of the nicest and most experienced pros. You will be missing out on pro help. You should give your pride a bloody nose and learn how to play nice with others. I do not see a reason for you to be nasty.

you may not thank Barand for his time and expertise, so i will do it for you: Thanks, Barand.

Meantime, i hope that your code is working and i wish you good luck in your lesser forum.

Link to comment

He insisted that I had used $pdo myself. Can you tell me if this is compulsory and that $conn (which i have always used) is okay to use. He said that I have to put the connection at the top of the page and to pass the connection to the function. This cannot work for me as I say next. You say you are nice friendly people so be nice not threaten "I am going to close this topic down."

***

My original post which was to convert mysql to PDF recommended by Barand. I supplied this code originally which has a database object $conn not $pdo. He said Don't connect every time you perform a query. Connect once at the top of the script, storing the connection in $pdo.  Does this mean you must not have a connection called $conn? I am using $conn all over the place.

I was told to pass the connection to the function. The problem is that I have a special functions file with over 80 functions all requiring a database connection. I have calls to these functions all over my website with web pages that don’t understand databases and can not supply a database object. A web page simply wants to know how many customers I have so calls the function as $Totals = TotalCustomers();

My function is going to require a connection as  TotalCustomers($conn) which is an argument mismatch. The only way I can see of doing this is to make repeated connection calls.

function TotalCustomers()
{
   connectDB();
  // code;
}

 

Edited by Paul-D
Link to comment

31 minutes ago, Paul-D said:

He insisted that I had used $pdo myself.

Your code in this post used both $conn and $pdo, which is where the confusion began I think.  That's irrelevant now though, so let's drop that discussion.

32 minutes ago, Paul-D said:

Can you tell me if this is compulsory and that $conn (which i have always used) is okay to use.

You can use whatever variable name you want, so long as you are consistent about it.

33 minutes ago, Paul-D said:

I was told to pass the connection to the function. The problem is that I have a special functions file with over 80 functions all requiring a database connection.

You do want to change your code to avoid connecting for each query, for at least two reasons.

  1. Creating a bunch of connections can exhaust the available connections on your server, meaning some connections may stop working.
  2. The most expensive part of talking to a DB is setting up the connection.  Having to do that for every query will slow things down.

Now, changing every function call to accept a parameter is not the only way to accomplish this shared connection.  Another way is to use a singleton pattern.  This is similar to a global variable but not quite as bad.  Generally this is talked about in the context of classes but you can do it with a simple function as well.  Your connectDB would look like this:


function connectDB()
{
    static $conn = null;
    if ($conn === null){
        $host = HOSTNAME1;
        $user = USERNAME1;
        $pass = PASSWORD1;
        $MyDB = DATABASE1;

        $conn = new PDO("mysql:host=$host; dbname=$MyDB; charset=UTF8", $user, $pass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ
        ]);
    }

    return $conn;
}

static makes the variable persist across different function calls.  The first time this function is called, $conn will be null, the if will run, and your connection will get established.  On subsequent calls, $conn will hold the PDO object previously created so the if will get bypassed and the existing connection will get returned.

 

Link to comment

you have stated you have a lot of code that needs to be converted. a GOOD reason to name the variable as to the type of connection it holds, e.g. $pdo, is so that you can tell by looking/searching which code has been converted and which code hasn't, then after it has been converted, anyone looking at the code can tell which database extension it is using (parts of the mysqli extension look exactly like the PDO extension.)

Link to comment

Ok will stick with $pdo to see where code needs to change. I have been told or die() will not be supported in PHP7. So has been removed.

This needs to change: $total = mysql_num_rows($qValid); What is the equivalent in PDO and fetching an array $rs = mysql_fetch_array($qUser);

function LogMeX2($name , $pwd1, $Sector) // E101
{
	$Name = md5($name);
	$Pwd1 = md5($pwd1);
	$valid = 0;
	$ret = 0;
	$qValid = $pdo->query("SELECT current FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
	$total = mysql_num_rows($qValid);
	 if($total == 1)
	{
		
		$qUser = $pdo->query("SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'");
		$rs = mysql_fetch_array($qUser);
		$ret = $rs['User'];		   	
	}
return $ret;		
}

 

Link to comment

If you're only interested in the row count, you should select that.

$qValid = $pdo->query("SELECT COUNT(*) FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
$total = $qValid->fetchColumn();

If you wanted both a row count and the data, you could either issue a separate count query or count the rows as you fetch them.

$qValid = $pdo->query("SELECT current FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
$total = 0;
foreach ($qValid as $row){
    $total++;
    //Do stuff
}

 

1 hour ago, Paul-D said:

What is the equivalent in PDO and fetching an array

You use fetch() with the fetch mode set to PDO::FETCH_NUM or PDO::FETCH_ASSOC depending on if you want a numbered or associative array.

$qUser = $pdo->query("SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'");
$rs = $qUser->fetch(PDO::FETCH_ASSOC);
echo $rs['User'];

If you always want to fetch an associative array, you'd specify that as your default fetch mode when you establish your connection with the attribute PDO::ATTR_DEFAULT_FETCH_MODE, then you don't have to specify it in each individual fetch.

 

Edited by kicken
Link to comment

nothing has changed about or die() being supported. it was always a bad practice to use for error handling and since the PDO extension uses exceptions for errors for all (default in php8+) the statements that interact with the database server - connection, query, prepare, execute, and exec, you were told the or die() logic will never be executed upon an error and should be removed.

the great thing about using exceptions for errors is that your main in-line code only 'sees' error free execution, since execution transfers to the nearest correct type of exception handler upon an error or to php if there is no exception handling in your code. if execution continues to the line right after you have executed a query, you know that there was no error, without needing any conditional logic, simplifying the code.

the posted logic makes no sense. you are running a SELECT query to get a count of the number of rows, to decide to run the SELECT query again. just run the second SELECT query and fetch the data from it. if the query matched a row, the fetched data will be a boolean true value. if the query didn't match a row, the fetched data will be a boolean false value.

you were also told elsewhere that magic_quotes, which provided some security for string data values, has also been removed from php and that you need to use a prepared query when using external, unknown, dynamic data with a query.

converting any query to a prepared query is extremely simple -

  1. remove the variables that are inside the sql query statement (keep these variables for use later).
  2. remove any single-quotes that were around the variables and any {} or concatenation dots that were used to get the variables into the sql query statement.
  3. put a prepared query place-holder ? into the sql query statement where each variable was at.
  4. call the ->prepare() method for the resulting sql query statement. this returns a PDOStatement object, and should be named $stmt or similar.
  5. call the ->execute([...]) method with an array containing the variables you removed in step #1.
  6. for a SELECT query, use either the ->fetch() method (for a single row of data), the ->fetchAll() method (for a set of data), or sometimes the ->fetchColumn() method (when you want a single value from one row of data.)

lastly, md5() was never intended for password hashing. you should be using php's password_hash() and password_verify() for passwords. also, why are you hashing names/usernames? this prevents any wild-card searching or sorting.

Link to comment

I was told that backslash was no longer used as an escape sequence but you need it if you have to insert an apostrophe into a database table like O\'Rilley. I have tried to delete this inserted code but it won't let me. Right click no delete.

 

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

define ('HOSTNAME1', 'mysql09.iomart.com'); 
define ('USERNAME1', 'otoogc692');
define ('PASSWORD1', 'mauritius');
define ('DATABASE1', 'otoogc692');

function connectDB()
{
	static $pdo = null;
	if($pdo === null)
	{
	$host = HOSTNAME1;
	$user = USERNAME1;
	$pass = PASSWORD1;
	$MyDB = DATABASE1;

	$conn = new PDO("mysql:host=$host; dbname=$MyDB; charset=UTF8", $user, $pass, [
			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
			PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
			PDO::ATTR_EMULATE_PREPARES   => false,
	]);
	}
return $pdf;	
}

function LogMeX2($name , $pwd1, $Sector)
{
	connectDB();
	$Name = md5($name);
	$Pwd1 = md5($pwd1);
	$ret = 0;
	$qValid = $pdo->query("SELECT current FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
	$total = mysql_num_rows($qValid);
	 if($total == 1)
	{
		
		$qUser = $pdo->query("SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'");
		$rs = mysql_fetch_array($qUser);
		$ret = $rs['User'];		   	
	}
return $ret;		
}
?>

 

Link to comment

9 minutes ago, Paul-D said:

but you need it if you have to insert an apostrophe into a database table like O\'Rilley

You would need it if you wanted to insert a string like that into your query.  As mentioned above though, you're not supposed to be doing that.  You're supposed to be using prepared queries which let you keep the data and your query separated. If you just insert the data directly into your query, you open yourself up to potential SQL Injection attacks.  The steps for how to convert your queries to prepared queries were outlined above.

Link to comment
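The apostrophe question above, as an added example that is not part of the original thread: the same O'Rilley value is sent once by pasting it into the SQL text and once through a placeholder, and a hand-escaped copy shows what happens when a backslash is added on top of a placeholder. It assumes PHP 5.5+ with pdo_sqlite; the in-memory SQLite database and the `customers` table are stand-ins constructed for the example, not the poster's schema.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server so the script
// runs offline; the customers table and its rows are constructed for the example.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT)');

// "Before": the value becomes part of the SQL text. The apostrophe in the
// data closes the string literal early, so the data changes the statement.
function insertConcatenated(PDO $pdo, $surname)
{
    try {
        $pdo->exec("INSERT INTO customers (surname) VALUES ('$surname')");
        return 'inserted';
    } catch (PDOException $e) {
        return 'statement rejected: ' . $e->getMessage();
    }
}

// "After": the SQL text is fixed and the value travels separately,
// so no escaping of the value is needed.
function insertPrepared(PDO $pdo, $surname)
{
    $stmt = $pdo->prepare('INSERT INTO customers (surname) VALUES (?)');
    $stmt->execute([$surname]);
    return (int) $pdo->lastInsertId();
}

// Lookup with the same placeholder technique.
function findBySurname(PDO $pdo, $surname)
{
    $stmt = $pdo->prepare('SELECT id, surname FROM customers WHERE surname = ?');
    $stmt->execute([$surname]);
    return $stmt->fetchAll();
}

$surname = "O'Rilley";

// 1. Concatenation: the statement no longer parses.
echo insertConcatenated($pdo, $surname), "\n";

// 2. Placeholder: the name is stored exactly as typed.
$id = insertPrepared($pdo, $surname);
echo "prepared insert stored row $id\n";

// 3. Hand-escaping AND a placeholder: the backslash is stored as data,
//    so the row no longer matches a search for the real name.
insertPrepared($pdo, "O\\'Rilley");

foreach ($pdo->query('SELECT id, surname FROM customers') as $row) {
    echo $row['id'], ': ', $row['surname'], "\n";
}
echo count(findBySurname($pdo, $surname)), " row(s) match the unescaped name\n";
```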

In your connectdb function you create the db connection and save it in the variable $conn.  But then you return something called $pdf (??) which doesn't exist.  After that you call the connectdb function without capturing the returned connection so you can't do anything there.

IMHO I would alter that connect function to return the NEW PDO connection with  "return $conn".  In any later call of this function I would assign this returned value to $pdo and use that for all future db references.  That means you need to change the latter item I mentioned above to be "$pdo = connectDb()".  

Of course (as also already mentioned) you should begin any script that is going to be using a db with the call to your connectdb function and get that $pdo value as the result and only reference $pdo when doing db work.  You should not need to call connectdb any longer unless you are doing something with a different database later on, which would imply you should use $pdo2 perhaps for that work.  PS - you should add the database name to the connectdb function header so that you can provide it with the call to connectDB($dbname) instead of defining it inside the function.

After all of this you should be passing the $pdo variable in the call to any db-related function so that function has the connection.  Many people would call this variable ($pdo) the 'handle' to your database which removes your concerns about it from that script.

PS - Any reference to something with "mysql_" in it is invalid in the latest versions of PHP.  If you are using those functions you have a lot of changes to make which definitely makes using PDO the better improvement to your code.  It really is easier to use with just a little reading and testing out.

Here is an example of what your new code could look like: (if the comments were removed this would be a much smaller chunk of code)

$pdo = PDOConnect('database_1');	
	// a call to my std. connection logic that sets the db name
	// it also contains my credentials and options which I hardly
	//  ever touch.
// ...
// ...	(doing work)
// ...
// need to do a query
//	All you need to do is:
//	write the query and save it as a var for use later
//	prepare the query
//	define the prepared query values
//	run the query being sure to check the results
//	(All this needs is 2 functions which is different than mysqli uses)
$q = "select fld1, fld2, fld3 from my_table_name where keyfld = :keyvalue";
$qst = $pdo->prepare($q);		// prepare the query to create a "query statement" variable
$parms = array('keyvalue'=>12);
	// perform the query using the parms that get substituted 
	// into the query
if ($qst->execute($parms))	// execute() returns true or false, not a result object
{
	// query ran successfully so process the results
	echo "The query has found these results:<br>";
	$cnt = 0;
	while ($row = $qst->fetch())	// rows are fetched from the statement itself
	{
		echo "fld1 is {$row['fld1']}, fld2 is {$row['fld2']}, fld3 is {$row['fld3']}<br>";
		$cnt++;
	}
	echo "There were $cnt rows returned<br>";
}
else
{
	// query failed so you decide what you want to do here.
	echo "Query failed to run.  Query is<br>$q and key value was {$parms['keyvalue']}<br>";
	// (handle this failure or exit)
}
//	All done with querying but you don't need to close the connection since 
//	PHP will do that at the end of this script.

I keep the query itself outside of a function call so that my code can output it if doing some debugging during development.   I use the parms array for the same reason although you could define the array as an argument to the call to execute().  I use the simple fetch() function since I mostly use the associative array for my results which is set during the connection logic.  

Link to comment

if you make use of the suggestions given in this thread for the LogMeX2 function code, you should end up with this simple, and secure code (untested) -

// verify the user log in credentials
// return user id if a match, else return false
function LogMeX2($pdo,$username,$password)
{
	$sql = "SELECT User, UserKey FROM LIBusersX WHERE UserN = ?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute([$username]);
	// fetch/test if a row was found, i.e. the username was found
	if(!$row = $stmt->fetch())
	{
		// username not found
		return false;
	}
	// username found, test password
	if(!password_verify($password,$row['UserKey']))
	{
		// password didn't match
		return false;
	}
	// username and password matched, return user id
	return $row['User'];
}

 

Link to comment

well I have done everything you suggested. I used a function ConnectDB() I used a static variable. but in the called routine function LogMeX2($name , $pwd1) I get

Notice: Undefined variable: pdo in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/secure/SecurePDO.php on line 87. This is what I got from Kicken yesterday 08:03 but by popular request renamed $pdo

Link to comment

Forgot to add the code.

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

define ('HOSTNAME1', 'mysql09.iomart.com'); 
define ('USERNAME1', 'otoogc692');
define ('PASSWORD1', 'mauritius');
define ('DATABASE1', 'otoogc692');

function connectDB()
{
	static $pdo = null;
	if($pdo === null)
	{
	$host = HOSTNAME1;
	$user = USERNAME1;
	$pass = PASSWORD1;
	$MyDB = DATABASE1;

	$pdo = new PDO("mysql:host=$host; dbname=$MyDB; charset=UTF8", $user, $pass, [
			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
			PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
			PDO::ATTR_EMULATE_PREPARES   => false,
	]);
	}
return $pdo;	
}


function Session_Init()
{
if (!isset($_GET['counter']))
    $_GET['counter'] = "";
if (!isset($_SESSION['current_page']))
    $_SESSION['current_page'] = '';
if (!isset($_SESSION['Event_Log']))
    $_SESSION['Event_Log'] = '';
if (!isset($_SESSION['K9']))
    $_SESSION['K9'] = '';
if (!isset($_SESSION['Survalance']))
    $_SESSION['Survalance'] = '';
if (!isset($_SESSION["K208"]))
    $_SESSION["K208"] = '';
if (!isset($_SESSION["Error_1"]))
    $_SESSION["Error_1"] = '';
if (!isset($_SESSION["Error_2"]))
    $_SESSION["Error_2"] = '';
if (!isset($_SESSION["Error_3"]))
    $_SESSION["Error_3"] = '';
if (!isset($_SESSION["Error_4"]))
    $_SESSION["Error_4"] = '';
if (!isset($_SESSION["Error_5"]))
    $_SESSION["Error_5"] = '';
if (!isset($_SESSION["Current"]))
    $_SESSION["Current"] = '';

// Email Sessions
if (!isset($_SESSION["Name"]))
    $_SESSION["Name"] = '';
if (!isset($_SESSION["Name2"]))
    $_SESSION["Name2"] = '';
if (!isset($_SESSION["Email"]))
    $_SESSION["Email"] = '';
if (!isset($_SESSION["Subject"]))
    $_SESSION["Subject"] = '';
if (!isset($_SESSION["Msg"]))
    $_SESSION["Msg"] = '';
}

function FindMe()
{
$CookiePresent = 0;
	if (isset($_COOKIE["Headquarters"]))
	{
		if($_COOKIE["Headquarters"] == "Bananarama")
		$CookiePresent = 1;
	}
return $CookiePresent;
}

function LogMeX2($name , $pwd1)
{
	connectDB();
	$Name = md5($name);
	$Pwd1 = md5($pwd1);
	$ret = 0;
	$qValid = $pdo->query("SELECT COUNT(*) FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
	$total  = $qValid ->fetchcolumn(); // Should only be 1 or 0.
	 if($total == 1)
	{
		$qUser = $pdo->query("SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'");
		$rs = $qUser->fetch();
		$ret = $rs['User'];	// Should return 0 or id of the user.	   	
	}
return $ret;		
}
?>

 

Link to comment

mac_gyver. I can't put $pdo into the call to LogMeX2(). The web page is not supplying this connection as it does not know what a database is. I get mismatch.

WEBPAGE: $user = LogMeX2($Name , $password); 

This is not going to work with the function

function LogMeX2($pdo,$Name,$password)

Edited by Paul-D
Link to comment

This is what I get when I supply  m EXACTLY as he has given it to me.

I get this error

Warning: Missing argument 3 for LogMeX2(), called in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/bank2/LogMe.php on line 74 and defined in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/secure/SecurePDO.php on line 81

Fatal error: Call to a member function prepare() on a non-object in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/secure/SecurePDO.php on line 84

And here is the entire code

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

define ('HOSTNAME1', 'mysql09.iomart.com'); 
define ('USERNAME1', 'otoogc692');
define ('PASSWORD1', 'mauritius');
define ('DATABASE1', 'otoogc692');

function connectDB()
{
	static $pdo = null;
	if($pdo === null)
	{
	$host = HOSTNAME1;
	$user = USERNAME1;
	$pass = PASSWORD1;
	$MyDB = DATABASE1;

	$pdo = new PDO("mysql:host=$host; dbname=$MyDB; charset=UTF8", $user, $pass, [
			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
			PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
			PDO::ATTR_EMULATE_PREPARES   => false,
	]);
	}
return $pdo;	
}


function Session_Init()
{
if (!isset($_GET['counter']))
    $_GET['counter'] = "";
if (!isset($_SESSION['current_page']))
    $_SESSION['current_page'] = '';
if (!isset($_SESSION['Event_Log']))
    $_SESSION['Event_Log'] = '';
if (!isset($_SESSION['K9']))
    $_SESSION['K9'] = '';
if (!isset($_SESSION['Survalance']))
    $_SESSION['Survalance'] = '';
if (!isset($_SESSION["K208"]))
    $_SESSION["K208"] = '';
if (!isset($_SESSION["Error_1"]))
    $_SESSION["Error_1"] = '';
if (!isset($_SESSION["Error_2"]))
    $_SESSION["Error_2"] = '';
if (!isset($_SESSION["Error_3"]))
    $_SESSION["Error_3"] = '';
if (!isset($_SESSION["Error_4"]))
    $_SESSION["Error_4"] = '';
if (!isset($_SESSION["Error_5"]))
    $_SESSION["Error_5"] = '';
if (!isset($_SESSION["Current"]))
    $_SESSION["Current"] = '';

// Email Sessions
if (!isset($_SESSION["Name"]))
    $_SESSION["Name"] = '';
if (!isset($_SESSION["Name2"]))
    $_SESSION["Name2"] = '';
if (!isset($_SESSION["Email"]))
    $_SESSION["Email"] = '';
if (!isset($_SESSION["Subject"]))
    $_SESSION["Subject"] = '';
if (!isset($_SESSION["Msg"]))
    $_SESSION["Msg"] = '';
}

function FindMe()
{
$CookiePresent = 0;
	if (isset($_COOKIE["Headquarters"]))
	{
		if($_COOKIE["Headquarters"] == "Bananarama")
		$CookiePresent = 1;
	}
return $CookiePresent;
}

function LogMeX2($pdo,$username,$password)
{
	$sql = "SELECT User, UserKey FROM LIBusersX WHERE UserN = ?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute([$username]);
	// fetch/test if a row was found, i.e. the username was found
	if(!$row = $stmt->fetch())
	{
		// username not found
		return false;
	}
	// username found, test password
	if(!password_verify($password,$row['UserKey']))
	{
		// password didn't match
		return false;
	}
	// username and password matched, return user id
	return $row['User'];
}
?>

 

Link to comment

And here is the other page that calls the function on line 68

<?php
require("../secure/SecurePDO.php");
session_start();
Session_Init();

$UserName = $_SESSION['USERNAME'];
$UserPWD = $_SESSION['USERPWD'];

$_SESSION["Error_1"] = "";
$_SESSION["Error_2"] = "";
$_SESSION["Error_3"] = "";
$_SESSION["Error_4"] = "";
// if cookie set then

//$Input = $_SESSION["Name"];
$Name = $_SESSION["Name"];
$password = $_SESSION["PWD1"];
$Listings = 0;

if($Name == "Desmond.")
{
	$Name = "Desmond";
	$password = "Phil Collins";
	echo "Works";
}

if($Name == "Desmond..")
{
   $_SESSION['CounterValue'] = "Show";
	$Name = "Desmond";
	$password = "Phil Collins";
}

if($Name == "Desmond...")
{
   $_SESSION['CounterValue'] = "Total";
	$Name = "Desmond";
	$password = "Phil Collins";
}

if($Name == "Desmond+")
{
   $_SESSION['CounterValue'] = "Database";
	$Name = "Desmond";
	$password = "Phil Collins";
}

$Error = 0;
if($Name  == "") // Ckey
{
  $_SESSION["Error_1"] = "Must enter user name";
  $Error = 1;
}

if($password == "") // Ukey
{
  $_SESSION["Error_2"] = "Must enter a User Key";
  $Error = 1;
}
$Ret = FindMe();

if($Ret == 0)
{
	$_SESSION["Error_2"] = "... Thats just silly";
	$Error = 1;
}

$user = LogMeX2($Name , $password); // User 

if($Error == 1 || $user == "0" || $user == "-1")
{
  header('Location: index.php');
  exit;
}
// GOOD carry on

$Pk = KeySetX(MINUTES,30);
if($Input == "Desmond.")
	$Pk = KeySetX(MINUTES,60);
	
$_SESSION["Pk"] = $Pk;

// $_SESSION["Uk"] = GetUser($_SESSION["PWD1"]);
$_SESSION["Uk"] = $user;

if($_SESSION['Event_Log'] == "Yes")
	confirmation($_SESSION["Uk"]);

// Update the Extras date fields
$_SESSION["Error_1"] = "";
$_SESSION["Error_2"] = "";
$_SESSION["Error_3"] = "";
$_SESSION["Error_4"] = "";
SetMe(0);
header('Location: Statement.php');
?>

 

Link to comment

2 hours ago, Paul-D said:

well I have done everything you suggested. I used a function ConnectDB() I used a static variable. but in the called routine function LogMeX2($name , $pwd1) I get

Notice: Undefined variable: pdo in /vhost/vhost15/d/e/s/desmond-otoole.co.uk/www/secure/SecurePDO.php on line 87. This is what I got from Kicken yesterday 08:03 but by popular request renamed $pdo

You are not capturing the return value from the ConnectDB function, and thus never defining $pdo.

function LogMeX2($name , $pwd1)
{
	connectDB();
	$Name = md5($name);
	$Pwd1 = md5($pwd1);
	$ret = 0;
	$qValid = $pdo->query("SELECT COUNT(*) FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN  = '$Name'");	
	$total  = $qValid ->fetchcolumn(); // Should only be 1 or 0.
	 if($total == 1)
	{
		$qUser = $pdo->query("SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'");
		$rs = $qUser->fetch();
		$ret = $rs['User'];	// Should return 0 or id of the user.	   	
	}
return $ret;		
}

Notice how you are using $pdo for your queries, but prior to that you never actually define it anywhere?  You can't say "I defined it in ConnectDB!" because that's a whole different function and variables do not get carried between functions.  ConnectDB returns your PDO instance, but you still need to assign that return value to a variable when you call it.

$pdo = ConnectDB();

 

Link to comment
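One way to keep the existing call signatures while still sharing a single connection, as an added example that is not code from any poster in this thread: each function in the functions file asks connectDB() for the connection and assigns the return value, so calling pages never handle $pdo. It assumes PHP 5.5+ with pdo_sqlite; in-memory SQLite stands in for the MySQL server, the table and column names follow the thread, and the sample user and password are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// the schema mirrors the names used in the thread, the row is constructed.

function connectDB()
{
    static $pdo = null;            // keeps its value between calls
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:', null, null, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
        // Constructed schema and sample user, created once with the connection.
        $pdo->exec('CREATE TABLE LIBusersX (
                        User    INTEGER PRIMARY KEY,
                        UserN   TEXT UNIQUE,
                        UserKey TEXT)');
        $ins = $pdo->prepare(
            'INSERT INTO LIBusersX (User, UserN, UserKey) VALUES (?, ?, ?)'
        );
        $ins->execute([
            7,
            'Desmond',
            password_hash('example-password', PASSWORD_DEFAULT),
        ]);
    }
    return $pdo;
}

// Same two-argument signature the calling pages already use.
// Returns the user id on success, false otherwise.
function LogMeX2($username, $password)
{
    $pdo = connectDB();            // capture the returned connection
    $stmt = $pdo->prepare(
        'SELECT User, UserKey FROM LIBusersX WHERE UserN = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch();
    if ($row === false) {
        return false;              // username not found
    }
    if (!password_verify($password, $row['UserKey'])) {
        return false;              // password did not match the stored hash
    }
    return $row['User'];
}

// A second function from the same file: no argument, same shared connection.
function TotalCustomers()
{
    $pdo = connectDB();
    return (int) $pdo->query('SELECT COUNT(*) FROM LIBusersX')->fetchColumn();
}

// What a calling page does: no connection object in sight.
var_dump(connectDB() === connectDB());            // same PDO object each time
var_dump(LogMeX2('Desmond', 'example-password')); // user id
var_dump(LogMeX2('Desmond', 'wrong-password'));   // false
var_dump(LogMeX2("O'Rilley", 'anything'));        // false, and no SQL error
var_dump(TotalCustomers());
```

Because LogMeX2() here returns false on failure, a calling page that compares the result with "0" or "-1" needs its check changed to test for false.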

The way I had it before worked fine. EVERY function in the main functions page of functions established their own individual  connection. I was told not to do that HERE. I have a connection function connectDB(). Unless all the other functions on this page can have full global access to the static $pdo then this can not work. I can not supply this into the function because the hundreds of web pages can't supply $pdo as an argument as there is no connection object on all the web pages. Even if they did they would all be pointing to a different memory location and a different connection object. $pdo has to be fully global if it is to avoid adding the $pdo to hundreds of web pages with each one having its own connection.

 

Edited by Paul-D
Link to comment

You also do not need to do 2 queries to find out if there is a user record.  Just run your second query and check the row count returned for your 0 or 1. PDO uses a great little item called rowCount()

$q = "SELECT User FROM LIBusersX WHERE UserKey = '$Pwd1' AND UserN = '$Name'";
$qUser = $pdo->query($q);
if ($qUser->rowCount() == 1)	
	return $qUser->fetchcolumn();
else
	return false;

You will need to check the calling code result for the false value to proceed.

Link to comment

If you have 'hundreds of web pages' all making a db connection someone spent a lot of time doing unnecessary coding.  Do you have other apps written the same way?  Sounds like a career completing any kind of update/maintenance at your place.

We are trying to help you see how simple this could be and I can understand that it is giving you a scare as you realize what we are telling you.  Without us being able to see this nightmare for ourselves it would be difficult for us to help you find a work-around to implement a change in your db interface.  It sounds like there has to be changes made to all of these 'hundreds of web pages'.   Without seeing anything I can only offer that one solution would be to use a new function name for your database connection, include it into every script that you have, call it at the start of that script and then find every usage of the current db connection function and comment out all its uses and start using the assigned db connection var for any db operations. 

Edited by ginerjm
Link to comment

This topic is now closed to further replies.