This question already has an answer here:
PDO Setting PDO::MYSQL_ATTR_FOUND_ROWS fails
(1 answer)
Closed 6 years ago.
I want to change the value of the PDO MYSQL_ATTR_FOUND_ROWS connection option between queries.
Initially I define the connection handle like:
$dbh = new PDO('mysql:host=localhost;dbname=db', $uid, $pwd, array(PDO::MYSQL_ATTR_FOUND_ROWS => true));
I would like to change the value of MYSQL_ATTR_FOUND_ROWS to false at some point in the program. Is that possible? If so, how is it done?
Try using this command:
$dbh->setAttribute("PDO::MYSQL_ATTR_FOUND_ROWS", true);
setAttribute() documentation
Related
This question already has answers here:
Use bound parameter multiple times
(5 answers)
Closed 3 years ago.
I'm having an issue with the PDO statements for ODBC.
I'm using SQL SERVER 7 in Windows Server 2003 and PHP 5.4.x
For eg:
I have the query:
(this is not the actual query but it serves right for the example)
$query = SELECT * FROM table WHERE number = :number OR number = :number
in my php i have:
$conn = new PDO($connectionString);
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$statement = $conn->prepare($query);
$statement->bindParam(':number', $someNumber);
$statement->execute();
This throws error
COUNT field incorrect or syntax error
The thing is, bindParam is only binding the FIRST occurrence of :number ... AND trying to bind it again doesn't work either.
Is there a way to bind multiple named params with the same name?
I'm trying not to use positional params using the ? instead
Theoretical you could turn on emulation of prepared statements.
You must include a unique parameter marker for each value you wish to
pass in to the statement when you call PDOStatement::execute(). You
cannot use a named parameter marker of the same name more than once in
a prepared statement, unless emulation mode is on.
http://www.php.net/manual/en/pdo.prepare.php
I don't know too much about MsSQL to be honest, but I am quite sure there is some equivalent to User Defined Variables in MySQL. You could use those instead of parameters like I described in this answer:
https://stackoverflow.com/a/31068865/3391783
Just turn emulation on, changing this setting from false to true:
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 6 years ago.
I get an empty array when running:
try {
$pdo = new PDO('mysql:127.0.0.1:dbname=mytodo', 'root', 'root');
}
catch (PDOException $e) {
die('Could not connect.');
}
$statement = $pdo->prepare('select * from todos');
$statement->execute();
var_dump($statement->fetchAll());
I've checked the database and running the same query 'select * from todos' returns the results as expected.
I've tried using different databases and tables. I always get an empty array.
Any ideas as to what's going wrong?
I'm running MAMP PRO and get the same issue whatever PHP version I choose.
Any answers or pointers greatly appreciated
By default PDO will die silently on a lot of query errors. Try to check for typo errors also.
How to view query error in PDO PHP
// The rest of the statement can also go into the try block. And why not echo the $e error msg if you have one?
This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 2 years ago.
As mysql_real_escape_string is now deprecated, I have to change one function on the site that is using it. For the life of me, I can't figure out proper mysqli or pdo code to use. Maybe someone can guide me at the right direction. This is how it currently looks.
if (isset($_GET['btnSearch']) && !empty($_GET['txtSearch'])) {
$txtSearch = trim(mysql_real_escape_string($_GET['txtSearch']));
if (preg_match("/^(?i)BAW[0-9]+/", $txtSearch)) {
$pilot->pilot_num = strtoupper($txtSearch);
} else {
$pilot->name = $txtSearch;
}
}
Thank you all.
To replace mysql_real_escape_string with mysqli_real_escape_string you need to have an already opened connection to your DB like this:
$DBH = new mysqli($dbhost, $dbusername, $dbpasswd, $database_name);
then you can replace
mysql_real_escape_string($_GET['txtSearch'])
with
$DBH->real_escape_string($_GET['txtSearch'])
As it appears, I already have open connection and framework handles the query. All that needed is removal of
mysql_real_escape_string
This question already has answers here:
Use bound parameter multiple times
(5 answers)
Closed 3 years ago.
I'm having an issue with the PDO statements for ODBC.
I'm using SQL SERVER 7 in Windows Server 2003 and PHP 5.4.x
For eg:
I have the query:
(this is not the actual query but it serves right for the example)
$query = SELECT * FROM table WHERE number = :number OR number = :number
in my php i have:
$conn = new PDO($connectionString);
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$statement = $conn->prepare($query);
$statement->bindParam(':number', $someNumber);
$statement->execute();
This throws error
COUNT field incorrect or syntax error
The thing is, bindParam is only binding the FIRST occurrence of :number ... AND trying to bind it again doesn't work either.
Is there a way to bind multiple named params with the same name?
I'm trying not to use positional params using the ? instead
Theoretical you could turn on emulation of prepared statements.
You must include a unique parameter marker for each value you wish to
pass in to the statement when you call PDOStatement::execute(). You
cannot use a named parameter marker of the same name more than once in
a prepared statement, unless emulation mode is on.
http://www.php.net/manual/en/pdo.prepare.php
I don't know too much about MsSQL to be honest, but I am quite sure there is some equivalent to User Defined Variables in MySQL. You could use those instead of parameters like I described in this answer:
https://stackoverflow.com/a/31068865/3391783
Just turn emulation on, changing this setting from false to true:
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 8 years ago.
So I am having this strange issue with PDO, in that queries with bound variables are not executing properly for some reason. Let me show some code:
$conn = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pwd);
$sth=$conn->prepare("select count(*) from article");
$sth->execute();
var_dump($sth->fetchColumn());
This will print out the correct number of entries in the table "article".
However, if we change it slightly, by making the table a named parameter instead of a constant:
$conn = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pwd);
$sth=$conn->prepare("select count(*) from :article");
$sth->execute(array(":article"=>"article"));
var_dump($sth->fetchColumn());
This will print a boolean false. Both statements should return the same result, but I have no idea why the second one is not working. I suspect I have a typo somewhere, but I checked several times, and I don't see any issue. Anyone have any idea?
Not possible. You're trying to use a placeholder for a tablename. This is not permitted. placeholders can only replace values.
SELECT count(*) FROM :table WHERE field=:article
^^^^^^--illegal ^^^^^^^^--legal
For this, you'll have to use old-fashion string building:
$table = "article";
$sth=$conn->prepare("select count(*) from $table");
which then re-opens the SQL injection attack vulnerability, because you're now directly inserting external data into an SQL string.