I have two PHP scripts that I included below. Both of them attempt to do the same thing, but one works and one does not. I'm looking for someone to explain what PHP is doing under the covers. I'm new to PHP and I suspect that my Java experience is poisoning my thought process when I work in PHP.
What I'm attempting to do is functionally very simple -- Insert a question into a mySQL database table, retrieve the primary key of the inserted row, and then insert five answers into another table with a foreign key relationship to the question.
My original logic looked like this:
ManageQuestions.php:
<?php
session_start();
include('query.php');
echo "begin <br>";
if (isset($_POST['submit'])) {
echo "manageQuestion <br>";
$query = new Query;
$query->createTransaction();
$query->executeCreateUpdateDelete("INSERT INTO question (question) VALUES ('".$_POST['question']."'); ");
$question_pid = $query->getLastInsertedId();
$query->commitTransaction(); // Need to figure out how to do dirty reads so I can remove this.
echo $question_pid."<br>";
$result = $query->executeRead("SELECT question_pid FROM question where question_pid = '".$question_pid."';");
echo count($result)."<br>";
//if (count($result) === 1) {
$query->createTransaction(); // Need to figure out how to do dirty reads so I can remove this.
foreach($_POST['answer'] as $answer) {
$correctAnswers = 0;
$query->executeCreateUpdateDelete("INSERT INTO answer (question_fid, answer, isCorrect) VALUES ('".$question_pid."','".$answer['answer']."','".$answer['isCorrect']."')");
if ($answer['isCorrect'] === 1) {
$correctAnswers = $correctAnaswers + 1;
if ($correctAnswers > 1){
echo "Failed to insert answers";
$query->rollBackTransaction();
break;
}
}
}
echo "Success";
$query->commitTransaction();
/* } else {
echo "Failed to insert question";
$query->rollBackTransaction();
} */
}
?>
Query.php:
<?php
session_start();
class Query
{
private $host="<censored>";
private $username="<censored>";
private $password="<censored>";
private $db_name="<censored>";
private $pdo;
private $pdo_statement;
private $pdo_exception;
public function executeCreateUpdateDelete($pQuery)
{
$this->pdo_statement = $this->pdo->prepare($pQuery);
return $this->pdo_statement->execute();
}
public function executeRead($pQuery)
{
try
{
$dbh = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
$result = $dbh->query($pQuery);
$dbh = null;
return $result->fetchAll();
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function createTransaction()
{
$this->pdo = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
$this->pdo->beginTransaction();
}
public function commitTransaction()
{
$this->pdo->commit();
}
public function rollBackTransaction()
{
$this->pdo->rollBack();
}
public function getLastInsertedId()
{
$this->pdo->lastInsertId();
}
}
?>
When I rewrote my logic to not use a separate query class, I was able to do what I wanted to do. The only thing I've been able to find online about the life cycle of a PHP object is that it begins at the start of a script and ends at the end of a script. Does that imply that my query object is instantiated every time I call one of its methods and garbage collected when that particular method ends? Moving the logic out of that class and into the script caused my logic to work. This is what it looks like now:
ManageQuestions.php:
<?php
session_start();
include('query.php');
echo "Begin <br>";
if (isset($_POST['submit'])) {
echo "manageQuestion <br>";
$host="<censored>";
$username="<censored>";
$password="<censored>";
$db_name="<censored>";
$pdo = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
$stmt = $pdo->prepare("INSERT INTO question (question) VALUES ('".$_POST['question']."'); ");
$stmt->execute();
$question_pid = $pdo->lastInsertId();
echo $question_pid."<br>";
$stmt = $pdo->query("SELECT question_pid FROM question where question_pid = '".$question_pid."';");
$result = $stmt->fetchAll();
echo count($result)."<br>";
foreach($_POST['answer'] as $answer) {
$correctAnswers = 0;
$stmt = $pdo->prepare("INSERT INTO answer (question_fid, answer, isCorrect) VALUES ('".$question_pid."','".$answer['answer']."','".$answer['isCorrect']."')");
$stmt->execute();
}
echo "Success";
}
?>
Even though this fixed my issue, I don't understand why. If someone could explain that, I would be extremely grateful.
Cheers!
Does that imply that my query object is instantiated every time I call one of its methods and garbage collected when that particular method ends?
No. It's per request, not per method call. So the query object is instantiated every time the script is called and it gets unset (and not necessarily garbage collected) when the script ends.
However you could better manage the resource of the PDO object inside your Query class because you create a new instance (which would mean that it connects again to the database server which is not that cheap). So some lazy loading does not seem bad:
class Query
{
...
/** #var PDO */
private $pdo;
...
private function getPdo() {
if (!$this->pdo) {
$this->pdo = new PDO("mysql:host=$this->host;dbname=$this->db_name", $this->username, $this->password);
}
return $this->pdo;
}
public function executeRead($pQuery)
{
try {
$dbh = $this->getPdo();
$result = $dbh->query($pQuery);
return $result->fetchAll();
} catch (PDOException $e) {
echo $e->getMessage();
}
}
public function createTransaction()
{
$this->getPdo()->beginTransaction();
}
...
Related
What I want is to get and store the last inserted ID, but I am not sure how. The scenario is, after a user add a record he/she will be redirected to a page that will show him/her of the summary of what he/she saved. But I am not sure how I can do that, to retrieved the recently added record.
I have a class which look like this record.php
<?php
class Record {
private $conn;
private $table_name_1 = "name_of_the_table_1";
private $table_name_2 = "name_of_the_table_2";
public $name;
public $age;
public function __construct($db){
$this->conn = $db;
}
function newRecord(){
$query = "INSERT INTO " . $this->table_name_1 . " SET name=:name;
INSERT INTO " . $this->table_name_2 . " SET age=:age";
$stmt = $this->conn->prepare($query);
$this->name=$this->name;
$this->age=$this->age;
$stmt->bindParam(':name', $this->name);
$stmt->bindParam(':age', $this->age);
if($stmt->execute()){
return true;
}else{
return false;
}
}
}
?>
now I have another php form that create and add record, the code is something like this add_record.php
<?php
inlude_once 'db.php'
inlude_once 'record.php'
$database = new Database();
$db = $database->getConnection();
$record = new Record($db);
?>
<?php
if($_POST) {
$record->name=$_POST['name'];
$record->age=$_POST['age'];
if(record->record()){
header("Location:{$home_url}view_recently_added_record.php?action=record_saved");
}
else{
echo "Unable to save";
}
}
?>
The idea is to save the query to two different table and the same time automatically record the auto increment ID of table 1 to table 2 so that they have a relationship. I am thinking I can do that if I can store immediately the ID from table 1 and assigned it a variable maybe so it can be automatically saved to table two using a new query or function maybe. Is this possible? does it make sense? and another thing I wanted to display the recently recorded data immediately to the user. Thank you.
You can return $stmt->insert_id or -1 insteaf of boolean in the newRecord function:
function newRecord(){
...
if($stmt->execute()){
return $stmt->insert_id;
}else{
return -1;
}
}
and use the value to redirect like this:
$newrecord = record->newRecord();
if($newrecord != -1) {
header("Location:{$home_url}view_recently_added_record.php?action=record_saved&id=".$newrecord);
}
else{
echo "Unable to save";
}
I'm a new in web programming and would ask the advice for code below.
I have the code in class Database. There is it. As you see there's a connect to database with mysqli. And this code work.
function __construct() {
$this->conn = $this->connectDB();
}
function connectDB() {
$conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
return $conn;
}
function runBaseQuery($query) {
$result = mysqli_query($this->conn,$query);
while($row=mysqli_fetch_assoc($result)) {
$resultset[] = $row;
}
if(!empty($resultset))
return $resultset;
}
function runQuery($query, $param_type, $param_value_array) {
$sql = $this->conn->prepare($query);
$this->bindQueryParams($sql, $param_type, $param_value_array);
$sql->execute();
$result = $sql->get_result();
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$resultset[] = $row;
}
}
if(!empty($resultset)) {
return $resultset;
}
}
function bindQueryParams($sql, $param_type, $param_value_array) {
$param_value_reference[] = & $param_type;
for($i=0; $i<count($param_value_array); $i++) {
$param_value_reference[] = & $param_value_array[$i];
}
call_user_func_array(array(
$sql,
'bind_param'
), $param_value_reference);
}
function insert($query, $param_type, $param_value_array) {
$sql = $this->conn->prepare($query);
$this->bindQueryParams($sql, $param_type, $param_value_array);
$sql->execute();
}
function update($query, $param_type, $param_value_array) {
$sql = $this->conn->prepare($query);
$this->bindQueryParams($sql, $param_type, $param_value_array);
$sql->execute();
}
I have to write this class in PDO. I've done it, but something is wrong. I try to connect my Database and get the error
Fatal error: Uncaught TypeError: PDO::__construct() expects parameter 4
class DB {
private $host = "";
private $user = "";
private $password = "";
private $database = "";
private $pdo;
function __construct() {
$this->pdo = $this->connectDB();
}
function connectDB() {
try
{
$pdo = new PDO($this->host,$this->user,$this->password,$this->database);
}
catch (PDOException $e) {
print "Error!: " . $e->getMessage();
}
die();
}
function runBaseQuery($query)
{
$result = $pdo->query($query);
while ($row = $pdo->fetch(PDO::FETCH_ASSOC)) {
$resultset[] = $row;
}
if (!empty($resultset))
return $resultset;
}
function runQuery($query, $param_type, $param_value_array) {
$sql = $pdo->prepare($query);
$pdo->execute($sql, $param_type, $param_value_array);
$result = $pdo->fetchAll(PDO::FETCH_ASSOC);
if ($result->num_rows > 0) {
while ($row = $pdo->fetchAll(PDO::FETCH_ASSOC)) {
$resultset[] = $row;
}
}
if(!empty($resultset)) {
return $resultset;
}
}
function bindQueryParams($sql, $param_type, $param_value_array) {
$param_value_reference[] = & $param_type;
for($i=0; $i<count($param_value_array); $i++) {
$param_value_reference[] = & $param_value_array[$i];
}
call_user_func_array(array(
$sql,
'bind_param'
), $param_value_reference);
}
function insert($query, $param_type, $param_value_array) {
$sql = $pdo->prepare($query);
$pdo->execute($sql, $param_type, $param_value_array);
}
function update($query, $param_type, $param_value_array) {
$sql = $pdo->prepare($query);
$pdo->execute($sql, $param_type, $param_value_array);
}
}
But my the new code don't work. Where is the problem?
Your new class has multiple problems. The one you are asking about can be solved by understanding how to connect properly with PDO and what DSN is. For this I have to refer you to this awesome article https://phpdelusions.net/pdo#dsn
Take this DSN for example:
mysql:host=localhost;dbname=test;port=3306;charset=utf8mb4
driver^ ^ colon ^param=value pair ^semicolon
You start by specifying which DB driver you would like to use: mysql:. After this comes a list of key-value pairs separated by a semicolon. The order should be host, DB name, and charset. You should specify all of these values.
Your DSN is your first argument to PDO::__construct(), the second and third is username and password respectively. The third one is an array of options.
Your options array should contain at least two values. You need to enable error reporting and switch off emulated prepared statements. These are the recommended settings.
Your connection should look at least similar to this:
$options = [
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
\PDO::ATTR_EMULATE_PREPARES => false,
];
$this->pdo = new PDO('mysql:host='.$this->host.';dbname='.$this->database.';charset=utf8mb4', $this->user, $this->password, $options);
However, please take note, that the constructor will be called once, and you do not need to put these values in private properties. They can simply be constants or hardcoded in the constructor. You will never need to reuse this values after opening connection.
Your second main mistake is that you are referring in a lot of places to $pdo, but you should be using $this->pdo.
Other notes:
die(); is going to end your whole script. Do not use it.
Do not catch exceptions, just to print out the error message. It defeats the whole purpose of the exceptions.
The method bindQueryParams() seems completely unnecessary. I would recommend you remove it.
runQuery is riddled with mistakes. $pdo->execute() takes in only one argument, which should be the array of values to be bound. There is no need for param type like in mysqli. The while loop is redundant and incorrect.
num_rows does not exist in PDO, and is not needed at all.
None of these method provide any benefit over just plain PDO.
Conclusion:
The class you have written is completely unnecessary and only makes your code more difficult to understand and maintain. While it might have made more sense with mysqli, PDO is simpler to use and does not need to be wrapped in such class. Please read the article linked at the beginning carefully, it will help you a lot.
The PDO connection does not take a 4th parameter for the database name. The DB name is passed in with the host name. So change:
$pdo = new PDO($this->host,$this->user,$this->password,$this->database);
to:
$pdo = new PDO($this->host . ';dbname=' . $this->database, $this->user, $this->password);
For more information see https://www.php.net/manual/en/pdo.connections.php
Additionally, it is unclear what $this->host contains but for PDO if that is just a host path you need to pass in the driver you are using as well, so you might even need to add
mysql:host=
to the start of this. With mysqli this is not required because the only RDBMS mysqli supports is mysql.
So potentially complete answer:
$pdo = new PDO('mysql:host=' . $this->host . ';dbname=' . $this->database, $this->user, $this->password);
I am using a few functions inside another function that updates certain things, deletes some and inserts, now my problem, if 2 above are successful or 1 and the rest aren't it could cause catastrophic outcomes. So is it possible to use 1 transaction for all 3 functions... for example:
public static function do_stuff()
{
//run sql in function
SELF::function_sql_one_insert();
SELF::function_sql_two_update();
SELF::function_sql_three_delete();
}
Like so:
public static function test()
{
SELF::function_sql_one_insert();
SELF::function_sql_two_update();
SELF::function_sql_three_delete();
}
public static function function_sql_one_insert()
{
//sql to run
$sql = "INSERT INTO table
(
fake_row_one,
fake_row_two
)
VALUES
(
?,
?
)";
//run sql
$fake_insert = $database->prepare($sql);
$fake_insert->execute("yeah", "okay");
}
public static function function_sql_two_update()
{
//sql to run
$sql = "UPDATE table
SET fake_row_one = ?
WHERE fake_row_two = ?";
//run sql
$fake_update = $database->prepare($sql);
$fake_update->execute("blahblah", "okay");
}
public static function function_sql_three_delete()
{
//sql to run
$sql = "DELETE FROM TABLE
WHERE fake_row_two = ?";
//run sql
$fake_delete = $database->prepare($sql);
$fake_delete->execute("okay");
}
What I am trying to acomplish is if one fails revert all of them back. Is this possible? If not what can I do instead, if so, is there any cons to this?
Php functions has absolutely nothing to do with database transactions. It's just irrelevant matters.
A database transaction is bound to database connection only. Thetefore, as long as all your functions use the same connection, there is no problem to run all three in a transaction.
You should use database transactions for this.
Essentially,
you start a transaction,
you do your SQL queries
if it fails somewhere, you do a rollback and otherwise you do a commit
But there are a few gotcha's such as certain sql statements that commit on their own, so read all the official docs for the database you're using.
More info: http://php.net/manual/en/pdo.begintransaction.php
But remember that not all databases support transactions to start with.
E.g. MyISAM tables in MySQL do not support transactions.
You might want to convert those tables to InnoDB see here e.g.: How to convert all tables from MyISAM into InnoDB?
I use this way:
class Teste {
public $mysqli;
public $erro = array();
public function __construct(){
$this->mysqli = new \mysqli(DB_HOST,DB_USERNAME,DB_PASSWORD,DATABASE);
$this->mysqli->set_charset("utf8");
}
public function start_trans(){
$this->mysqli->autocommit(false);
}
public function end_trans(){
if(count($this->erro) == 0){
$this->mysqli->commit();
echo "success";
} else {
$this->mysqli->rollback();
echo "error";
}
}
public function example1(){
$stmt = $this->mysqli->query("insert into veiculos (placa, modelo) values (1,1)");
if(!$stmt){
$this->erro[] = "Erro #143309082017 <code>" . $this->mysqli->error . "</code>";
}
return (count($this->erro) < 1)? true : false;
}
public function example2(){
$stmt = $this->mysqli->query("insert into veiculos (placa, modelo) values (2,2)");
if(!$stmt){
$this->erro[] = "Erro #143309082017 <code>" . $this->mysqli->error . "</code>";
}
return (count($this->erro) < 1)? true : false;
}
public function example3(){
$this->mysqli->autocommit(false);
$stmt = $this->mysqli->query("insert into veiculos (placa, modelo) values (3,3)");
if(!$stmt){
$this->erro[] = "Erro #143309082017 <code>" . $this->mysqli->error . "</code>";
}
return (count($this->erro) < 1)? true : false;
}
}
$action = new Teste;
$action->start_trans();
$action->example1();
$action->example2();
$action->example3();
$action->end_trans();
Maybe you can try something like this:
$working = true;
try
{
SELF::function_sql_one_insert();
} catch (Exception $e)
{
if($e != "")
$working = false;
}
Try this for all functions. If $working is true, you can execute all commands.
I've searched on stackoverflow and other sources but I cant seem to find the issue that is preventing my PHP script from working.
Look at the echo_sql. It produces a healthy update statement which when run updates the database with no problem. Here is a sample:
update waste set waste_name=1 where id =82;
However, when the script is run, it does not apply changes to the database. Here is the script:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
try {
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$echo_sql = "update waste set waste_name=$waste_name where id =$waste_id;";
echo $echo_sql;
$sql->bind(':waste_name', $waste_name);
$sql->execute();
$sql->endTransaction();
} catch (Exception $e) {
$sql->rollBack();
echo "Failed: " . $e->getMessage();
}
}
Additional details:
errorCode() = 00000
DB Class:
class db
{
private $stmt;
private $dbc;
public function __construct()
{
$u = "root";
$p = "";
try {
$this->dbc = new PDO('mysql:host=127.0.0.1;dbname=wimsdb', $u, $p);
$this->dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
$e->getMessage();
}
}
public function bind($param, $value, $type = NULL)
{
$this->stmt->bindParam($param, $value, $type);
}
public function beginTransaction()
{
return $this->dbc->beginTransaction();
}
public function rollBack()
{
return $this->dbc->rollBack();
}
public function endTransaction()
{
return $this->dbc->commit();
}
public function cancelTransaction()
{
return $this->dbc->rollBack();
}
public function execute()
{
try {
return $this->stmt->execute();
} catch (PDOException $e) {
return $e->errorInfo;
}
}
public function errorCode()
{
return $this->stmt->errorCode();
}
public function query($query)
{
$this->stmt = $this->dbc->prepare($query);
}
}
Please offer your suggestions on how this could be resolved.
You need to bind the :waste_id too:
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$sql->bind(':waste_name', $waste_name);
$sql->bind(':waste_id', $waste_id);
Any time you have an issue like this your error checking should return a meaningful message letting you know where the error is and likely what the error is. You should be able to check your error logs for details and/or output them to your screen during testing.
Add waste_id. To avoid missing parameters, I like putting the parameteers into the execute method. The bind method could be defined anywhere in the code so I had to look through your code and make sure waste_id binding wasn't defined somewhere else. When it's in the execute method, you can quickly see all parameters being defined there...it's also a tad more concise...but both have their uses.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
try {
$waste_id = $_POST['waste_id'];
$sql = new db;
$sql->beginTransaction();
$waste_name = $_POST['waste_name'];
$sql->query("update waste set waste_name=:waste_name where id =:waste_id;");
$echo_sql = "update waste set waste_name=$waste_name where id =$waste_id;";
echo $echo_sql;
//just because I like this syntax for being concise and clear :)
$sql->execute(array(
'waste_id' => $waste_id,
'waste_name' => $waste_name
));
$sql->endTransaction();
} catch (Exception $e) {
$sql->rollBack();
echo "Failed: " . $e->getMessage();
}
I have the following script that is not returning any thing at all, the best I've gotten is a var_dump to say bool(false).. There is nothing at all in my error_log and no exceptions are being thrown:
index.php:
require("php/bootstrap.php");
$campaign = new Campaign($_GET['campaign'], $mysql);
bootstrap.php:
define ("MYSQL_USER", "specialagent");
define ("MYSQL_PASS", "supertopsecret");
define ("MYSQL_HOST", "127.0.0.1");
define ("MYSQL_PORT", "3306");
define ("MYSQL_DB", "databasewithsecretinformation");
/* Auto include classes on instantiation */
function __autoload($class_name) {
include 'classes/'.$class_name.'.php';
}
/* Connections */
try {
$mysql = new PDO("mysql:host=".MYSQL_HOST.";dbname=test", MYSQL_USER, MYSQL_PASS);
} catch(PDOException $e) {
die("There was a problem connecting to the database. Error: " . $e->getMessage());
}
Campaign.php
class Campaign {
protected $dbh;
private $campaign_id = "";
private $name = "";
public function __construct ($campaign_id, PDO $db) {
//if ($campaign_id) {
$this->setCampaignID($campaign_id);
$this->dbh = $db;
$this->loadCampaignInfo();
//}
}
public function getCampaignID() {
return $this->campaign_id;
}
public function setCampaignID($id) {
$this->campaign_id = $id;
}
public function __destruct() {
//$this->dbh = null;
}
public function loadCampaignInfo() {
/* Get info from database */
$sql = "SELECT * FROM campaigns WHERE campaign=:campaignID";
try {
echo "trying query...$sql<br />";
if ($this->dbh instanceof PDO) {
$stmt = $this->dbh->prepare($sql);
$stmt->bindParam(":campaignID", $this->campaign_id, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch();
echo "Returned Data: ";
var_dump($row);
} else {
echo "Not a valid PDO resource";
}
} catch (PDOException $e) {
echo "Problem : " . $e->getMessage;
} catch (Exception $e) {
echo "Other problem : " . $e->getMessage;
}
/* Set properties */
}
}
Output:
trying query...SELECT * FROM campaigns WHERE campaign=:campaignID
Returned Data: bool(false)
The problem has nothing to do with PDO.
Returned Data: bool(false) means no row were found to match condition.
Check your table if it contain the data and check input as well.
Check if you are getting the right class from autoload and all the stuff like that.
Also, change your bootstrap connection to
ini_set('display_errors',1);
error_reporting(E_ALL);
/* Connections */
$mysql = new PDO("mysql:host=".MYSQL_HOST.";dbname=test", MYSQL_USER, MYSQL_PASS);
$mysql->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
you may wish also to make the method less bloated too:
/* Get info from database */
public function loadCampaignInfo()
{
$sql = "SELECT * FROM campaigns WHERE campaign=?";
$stmt = $this->dbh->prepare($sql);
$stmt->execute([$this->campaign_id]);
return $stmt->fetch();
}
The problem was that the user did not have the correct privileges to access the database, after Your Common Sense suggested the creds were the issue, logged into MySQL cli and noticed the database was not in SHOW DATABASES.
Thanks for the help everybody.