I need to lock a record while fetching and updating his fields.
It's the first time I need this, so I made a test class to see how thing works(I promise I'll neve make queries in the controller again).
With a browser (chrome) i call testisolationread, with another(FF) testisolationwrite which updates all the times without problems.
I tried with select()->forUpdate() too with same results.
I tried adding "WITH RS USE AND KEEP EXCLUSIVE LOCKS" (because "WITH RS USE AND KEEP UPDATE LOCKS" throws error). So here I am.
Any advice?
Thank you
class Admin_testController extends Myprj_Controller_Main{
public function init(){
parent::init();
}
/**
* #return Strategic_Db_Adapter_Db2
* #throws Zend_Exception
*/
private function _getDb(){
$db = Zend_Registry::get('conn');
return $db;
}
public function testisolationreadAction(){
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$db = $this->_getDb();
try{
$select = $db->select()
->from('MYLIB/MYFILE', array('trim(FIELD01) as FIELD01'))->where("FIELD02 = '002654015-002'");
$stmt = $select->__toString()." WITH RR";
$result = $db->fetchRow($stmt);
sleep(10); //gives me the time to call testisolationwrite
$bind = array('FIELD01' => 'A');
$db->update('MYLIB/MYFILE', $bind, array("FIELD02 = '002654015-002'"));
$db->commit();
} catch(Exception $e){
print $stmt.'<br>';
print $e->getMessage();
$db->rollBack();
}
print '<pre>'.$stmt;
print_r($result);
}
public function testisolationwriteAction(){
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$db = $this->_getDb();
$vals = array('X', 'Y');
for($a = 0; $a < 20; $a++){
try{
$i = $vals[$a % 2];
$bind = array('FIELD01' => $i);
$db->update('MYLIB/MYFILE', $bind, "FIELD02 = '002654015-002'");
print 'SET :'.$i.' '.microtime().'<br>';
$db->commit();
} catch(Exception $e){
$db->rollBack();
}
}
}
}
Related
I've searched on stackoverflow and other sources but I cant seem to find the issue that is preventing my PHP script from working.
Look at the echo_sql. It produces a healthy update statement which when run updates the database with no problem. Here is a sample:
update waste set waste_name=1 where id =82;
However, when the script is run, it does not apply changes to the database. Here is the script:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
try {
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$echo_sql = "update waste set waste_name=$waste_name where id =$waste_id;";
echo $echo_sql;
$sql->bind(':waste_name', $waste_name);
$sql->execute();
$sql->endTransaction();
} catch (Exception $e) {
$sql->rollBack();
echo "Failed: " . $e->getMessage();
}
}
Additional details:
errorCode() = 00000
DB Class:
class db
{
private $stmt;
private $dbc;
public function __construct()
{
$u = "root";
$p = "";
try {
$this->dbc = new PDO('mysql:host=127.0.0.1;dbname=wimsdb', $u, $p);
$this->dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
$e->getMessage();
}
}
public function bind($param, $value, $type = NULL)
{
$this->stmt->bindParam($param, $value, $type);
}
public function beginTransaction()
{
return $this->dbc->beginTransaction();
}
public function rollBack()
{
return $this->dbc->rollBack();
}
public function endTransaction()
{
return $this->dbc->commit();
}
public function cancelTransaction()
{
return $this->dbc->rollBack();
}
public function execute()
{
try {
return $this->stmt->execute();
} catch (PDOException $e) {
return $e->errorInfo;
}
}
public function errorCode()
{
return $this->stmt->errorCode();
}
public function query($query)
{
$this->stmt = $this->dbc->prepare($query);
}
}
Please offer your suggestions on how this could be resolved.
You need to bind the :waste_id too:
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$sql->bind(':waste_name', $waste_name);
$sql->bind(':waste_id', $waste_id);
Any time you have an issue like this your error checking should return a meaningful message letting you know where the error is and likely what the error is. You should be able to check your error logs for details and/or output them to your screen during testing.
Add waste_id. To avoid missing parameters, I like putting the parameteers into the execute method. The bind method could be defined anywhere in the code so I had to look through your code and make sure waste_id binding wasn't defined somewhere else. When it's in the execute method, you can quickly see all parameters being defined there...it's also a tad more concise...but both have their uses.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
try {
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$echo_sql = "update waste set waste_name=$waste_name where id =$waste_id;";
echo $echo_sql;
//just because I like this syntax for being concise and clear :)
$sql->execute(array(
'waste_id' => $waste_id,
'waste_name' => $waste_name
));
$sql->endTransaction();
} catch (Exception $e) {
$sql->rollBack();
echo "Failed: " . $e->getMessage();
}
I'm using phpredis in my program, store something in the redis server, get them when the same request comes(in the same day), but I always get empty result. Can anyone give me some enlightenment? Here is the code of Cache class I'm using:
<?php
class Cache
{
public static function getInstance()
{
static $instance = null;
null == $instance && $instance = new self();
return $instance;
}
protected function __construct()
{
}
protected function getR()
{
static $r = NULL;
if (NULL == $r) {
$r = new Redis();
try {
$r->pconnect(HOST, PORT, 5);
} catch(Exception $ex) {
//log
try {
$api->connect(HOST, PORT, 5);
} catch (Exception $ex) {
//log
}
}
}
return $r;
}
public function getValue($key)
{
$result = array();
$r = $this->getR();
if(!empty($r)) {
try{
$result = $r->hKeys($key);
$r->setTimeout($keys, 86400);
} catch (Exception $ex){
//log
}
}
return $result; // return true
}
public function setValue($key, $value)
{
$result = false;
$r = $this->getR();
if(!empty($r)) {
try{
$result = $r->hMset($key, $value);
} catch (Exception $ex){
//log
}
}
}
}
?>
EDIT:
I checked the key-values with redis-cli, found something wired: the key-value data was stored in db 5 while I thought it should be in DB 0 by default without select statement, but the program retrieved db 0, of course nothing returned. Now I'm wondering why the data went to DB 5 given that I've not selected DB.
Finally, I've figured out what happend here. Before I stored my key–value pair, there was some code which also had communicated with Redis server and it had explicitly selected the DB 5, and the default DB of my redis connection was affected by last context, so my data was stored in DB 5. By coincidence, when I wanted to retrive my data, the last redis connection used DB 0, of course I got nothing.
I have two PHP scripts that I included below. Both of them attempt to do the same thing, but one works and one does not. I'm looking for someone to explain what PHP is doing under the covers. I'm new to PHP and I suspect that my Java experience is poisoning my thought process when I work in PHP.
What I'm attempting to do is functionally very simple -- Insert a question into a mySQL database table, retrieve the primary key of the inserted row, and then insert five answers into another table with a foreign key relationship to the question.
My original logic looked like this:
ManageQuestions.php:
<?php
session_start();
include('query.php');
echo "begin <br>";
if (isset($_POST['submit'])) {
echo "manageQuestion <br>";
$query = new Query;
$query->createTransaction();
$query->executeCreateUpdateDelete("INSERT INTO question (question) VALUES ('".$_POST['question']."'); ");
$question_pid = $query->getLastInsertedId();
$query->commitTransaction(); // Need to figure out how to do dirty reads so I can remove this.
echo $question_pid."<br>";
$result = $query->executeRead("SELECT question_pid FROM question where question_pid = '".$question_pid."';");
echo count($result)."<br>";
//if (count($result) === 1) {
$query->createTransaction(); // Need to figure out how to do dirty reads so I can remove this.
foreach($_POST['answer'] as $answer) {
$correctAnswers = 0;
$query->executeCreateUpdateDelete("INSERT INTO answer (question_fid, answer, isCorrect) VALUES ('".$question_pid."','".$answer['answer']."','".$answer['isCorrect']."')");
if ($answer['isCorrect'] === 1) {
$correctAnswers = $correctAnaswers + 1;
if ($correctAnswers > 1){
echo "Failed to insert answers";
$query->rollBackTransaction();
break;
}
}
}
echo "Success";
$query->commitTransaction();
/* } else {
echo "Failed to insert question";
$query->rollBackTransaction();
} */
}
?>
Query.php:
<?php
session_start();
class Query
{
private $host="<censored>";
private $username="<censored>";
private $password="<censored>";
private $db_name="<censored>";
private $pdo;
private $pdo_statement;
private $pdo_exception;
public function executeCreateUpdateDelete($pQuery)
{
$this->pdo_statement = $this->pdo->prepare($pQuery);
return $this->pdo_statement->execute();
}
public function executeRead($pQuery)
{
try
{
$dbh = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
$result = $dbh->query($pQuery);
$dbh = null;
return $result->fetchAll();
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function createTransaction()
{
$this->pdo = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
$this->pdo->beginTransaction();
}
public function commitTransaction()
{
$this->pdo->commit();
}
public function rollBackTransaction()
{
$this->pdo->rollBack();
}
public function getLastInsertedId()
{
$this->pdo->lastInsertId();
}
}
?>
When I rewrote my logic to not use a separate query class, I was able to do what I wanted to do. The only thing I've been able to find online about the life cycle of a PHP object is that it begins at the start of a script and ends at the end of a script. Does that imply that my query object is instantiated every time I call one of its methods and garbage collected when that particular method ends? Moving the logic out of that class and into the script caused my logic to work. This is what it looks like now:
ManageQuestions.php:
<?php
session_start();
include('query.php');
echo "Begin <br>";
if (isset($_POST['submit'])) {
echo "manageQuestion <br>";
$host="<censored>";
$username="<censored>";
$password="<censored>";
$db_name="<censored>";
$pdo = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
$stmt = $pdo->prepare("INSERT INTO question (question) VALUES ('".$_POST['question']."'); ");
$stmt->execute();
$question_pid = $pdo->lastInsertId();
echo $question_pid."<br>";
$stmt = $pdo->query("SELECT question_pid FROM question where question_pid = '".$question_pid."';");
$result = $stmt->fetchAll();
echo count($result)."<br>";
foreach($_POST['answer'] as $answer) {
$correctAnswers = 0;
$stmt = $pdo->prepare("INSERT INTO answer (question_fid, answer, isCorrect) VALUES ('".$question_pid."','".$answer['answer']."','".$answer['isCorrect']."')");
$stmt->execute();
}
echo "Success";
}
?>
Even though this fixed my issue, I don't understand why. If someone could explain that, I would be extremely grateful.
Cheers!
Does that imply that my query object is instantiated every time I call one of its methods and garbage collected when that particular method ends?
No. It's per request, not per method call. So the query object is instantiated every time the script is called and it gets unset (and not necessarily garbage collected) when the script ends.
However you could better manage the resource of the PDO object inside your Query class because you create a new instance (which would mean that it connects again to the database server which is not that cheap). So some lazy loading does not seem bad:
class Query
{
...
/** #var PDO */
private $pdo;
...
private function getPdo() {
if (!$this->pdo) {
$this->pdo = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
}
return $this->pdo;
}
public function executeRead($pQuery)
{
try {
$dbh = $this->getPdo();
$result = $dbh->query($pQuery);
return $result->fetchAll();
} catch (PDOException $e) {
echo $e->getMessage();
}
}
public function createTransaction()
{
$this->getPdo()->beginTransaction();
}
...
I am trying to create my own class to work/play with database with PDO. I am having the following method in my class:
private function connect(){
try{
$this->con = new PDO("mysql:host={$this->host};dbname={$this->db_name};charset=utf8", $this->db_user, $this->db_pass);
$this->con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$this->con->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$this->con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}catch(PDOException $ex){
$this->catchError($ex);
}
}
is there any thing vulnerable in my connection? while i am providing other CRUD method in my class like this:
public function getRecordSet($sql,$bindVars=array()){
$ary = array();
try{
$this->connect();
$obj = $this->con->prepare($sql);
if(count($bindVars) > 0){
$obj->execute($bindVars);
}
else{
$obj->execute();
}
$ary = $obj->fetchAll();
}catch(PDOException $ex){
$this->catchError($ex); //Production Server: send exception through email
//echo($ex->getMessage()); //Developer Machine: Display Exceptions in browser
}
$this->con = null;
return $ary;
}//getRecordSet()
In this query users will retrive recordset as an array() using the following way for example:
$sno = 1;
$user_name = '%hussain%';
$aray = array(':sno'=>$sno,':user_name'=>$user_name);
foreach($crud->getRecordSet("SELECT * FROM users WHERE sno = :sno AND user_name LIKE :user_name",$aray) as $row){
echo('<br>'.$row['user_name']);
echo('<br>'.$row['user_password']);
echo('<br>'.$row['date_reg']);
}
Please let me know if there is anything goes wrong and makes my class vulnerable?
Thanks in advance.
Shah
Change function to
public function getRecordSet($sql, $bindVars=array()){
$obj = $this->con->prepare($sql);
$obj->execute($bindVars);
return $obj->fetchAll();
}
however, it's rather matter of sanity, not security
I have the following script that is not returning any thing at all, the best I've gotten is a var_dump to say bool(false).. There is nothing at all in my error_log and no exceptions are being thrown:
index.php:
require("php/bootstrap.php");
$campaign = new Campaign($_GET['campaign'], $mysql);
bootstrap.php:
define ("MYSQL_USER", "specialagent");
define ("MYSQL_PASS", "supertopsecret");
define ("MYSQL_HOST", "127.0.0.1");
define ("MYSQL_PORT", "3306");
define ("MYSQL_DB", "databasewithsecretinformation");
/* Auto include classes on instantiation */
function __autoload($class_name) {
include 'classes/'.$class_name.'.php';
}
/* Connections */
try {
$mysql = new PDO("mysql:host=".MYSQL_HOST.";dbname=test", MYSQL_USER, MYSQL_PASS);
} catch(PDOException $e) {
die("There was a problem connecting to the database. Error: " . $e->getMessage());
}
Campaign.php
class Campaign {
protected $dbh;
private $campaign_id = "";
private $name = "";
public function __construct ($campaign_id, PDO $db) {
//if ($campaign_id) {
$this->setCampaignID($campaign_id);
$this->dbh = $db;
$this->loadCampaignInfo();
//}
}
public function getCampaignID() {
return $this->campaign_id;
}
public function setCampaignID($id) {
$this->campaign_id = $id;
}
public function __destruct() {
//$this->dbh = null;
}
public function loadCampaignInfo() {
/* Get info from database */
$sql = "SELECT * FROM campaigns WHERE campaign=:campaignID";
try {
echo "trying query...$sql<br />";
if ($this->dbh instanceof PDO) {
$stmt = $this->dbh->prepare($sql);
$stmt->bindParam(":campaignID", $this->campaign_id, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
echo "Returned Data: ";
var_dump($row);
} else {
echo "Not a valid PDO resource";
}
} catch (PDOException $e) {
echo "Problem : " . $e->getMessage;
} catch (Exception $e) {
echo "Other problem : " . $e->getMessage;
}
/* Set properties */
}
}
Output:
trying query...SELECT * FROM campaigns WHERE campaign=:campaignID
Returned Data: bool(false)
The problem has nothing to do with PDO.
Returned Data: bool(false) means no row were found to match condition.
Check your table if it contain the data and check input as well.
Check if you are getting the right class from autoload and all the stuff like that.
Also, change your bootstrap connection to
ini_set('display_errors',1);
error_reporting(E_ALL);
/* Connections */
$mysql = new PDO("mysql:host=".MYSQL_HOST.";dbname=test", MYSQL_USER, MYSQL_PASS);
$mysql->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
you may wish also to make the method less bloated too:
/* Get info from database */
public function loadCampaignInfo()
{
$sql = "SELECT * FROM campaigns WHERE campaign=?";
$stmt = $this->dbh->prepare($sql);
$stmt->execute([$this->campaign_id]);
return $stmt->fetch();
}
The problem was that the user did not have the correct privileges to access the database, after Your Common Sense suggested the creds were the issue, logged into MySQL cli and noticed the database was not in SHOW DATABASES.
Thanks for the help everybody.