How do you perform a dynamic php, PDO prepared statement Update? - php

I'm having trouble finding good documentation on pdo update prepared statements and even more trouble finding documentation on dynamically updating the database with pdo prepared statements. I've gotten my dynamic insert to work but am having trouble with the update. The error I'm getting is:
Warning: PDOStatement::execute() [pdostatement.execute]:
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
in
/Users/scottmcpherson/Sites/phpsites/projectx/application/models/db.php
on line 91 error
Here is the class I created minus a couple of methods that are irrelevant to this problem:
<?php
require_once("../config/main.php");
class Database{
protected static $dbFields = array('username', 'password');
public $db;
public $tableName = 'users';
public $id = 1;
public $username = "Jonny";
public $password = "Appleseed";
public function __construct() {
$this->connect();
}
public function connect(){
try {
$this->db = new PDO("mysql:host=".DB_SERVER."; dbname=".DB_NAME, DB_USER, DB_PASS);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
}
public function properties() {
$properties = array();
foreach (self::$dbFields as $field) {
if (isset($this->field) || property_exists($this, $field)) {
$properties[$field] = $this->$field;
}
}
return $properties;
}
public function propertyValues() {
$property = $this->properties();
$propertyValues = array();
foreach ($property as $key => $value) {
$propertyValues = ":" . implode(", :", array_keys($property));
}
return $propertyValues;
}
public function polishedVals(){
// The end result of this function is:
// username=:username, password=:password
$props = $this->properties();
$phaseOne = array();
foreach ($props as $key => $value) {
$phaseOne[$key] = ":".$key;
}
$phaseTwo = array();
foreach ($phaseOne as $key => $value) {
$phaseTwo[] = "{$key}={$value}";
}
$polishedVals = implode(", ", $phaseTwo);
return $polishedVals;
}
public function update(){
$stmt = "UPDATE ". $this->tableName." SET ";
$stmt .= $this->polishedVals();
$stmt .= "WHERE id=" . $this->id;
$stmt = $this->db->prepare($stmt);
if($stmt->execute($this->properties())) {
echo "yes";
} else {
echo "error ";
}
}
}
$database = new Database();
echo $database->update();
?>
With all the variables replaced with the actual values, the result I'm going for with the update() method would look like this:
public function update(){
$stmt = "UPDATE users SET ";
$stmt .= "username=:username, password=:password ";
$stmt .= "WHERE id=1";
$stmt = $this->db->prepare($stmt);
if($stmt->execute($this->properties())) {
echo "yes";
} else {
echo "error ";
}
}
In addition to spotting this problem, please let me know if you see any other issues with this code. I'm still kind of new to PHP.
Edit: I've now created a new method that adds a : to the beginning of each key in the properties array:
public function colProperties(){
$properties = $this->properties();
$withCols = array();
foreach($properties as $key => $value){
$withCols[":".$key] = $value;
}
return $withCols;
}
So my update() method now looks like:
public function update(){
$stmt = "UPDATE ". $this->tableName." SET ";
$stmt .= $this->polishedVals();
$stmt .= "WHERE id=" . $this->id;
$stmt = $this->db->prepare($stmt);
if($stmt->execute($this->colProperties())) {
echo "yes";
} else {
echo "error ";
}
}
and if I var_dump($this->colProperties) I get:
array(2) { [":username"]=> string(5) "Jonny" [":password"]=> string(9) "Appleseed" }
And still getting the same error.

I don't think that passing parameters to an UPDATE query requires a different method than a SELECT one. The information in the PDOStatement->execute() manual page should apply:
<?php
/* Execute a prepared statement by passing an array of insert values */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->execute(array(':calories' => $calories, ':colour' => $colour));
?>
You are using named parameters so execute() expects an associative array. Use var_dump() to display $this->properties() right before execute():
var_dump($this->properties())
Make sure your keys match exactly.

The error is that in between
$stmt .= $this->polishedVals();
$stmt .= "WHERE id=" . $this->id;
There needs to be a space in between the WHERE clause as the polishedVals() method does not add a space after the implode. So, you'll have something like
UPDATE User SET city=:city, location=:locationWHERE User.id=28
Which causes the error.
Simple bug.
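The fix above, carried one step further as an added example (not code from the question or either answer): the statement is built from an allow-list of columns, the space before WHERE is part of the template, and the id is bound instead of concatenated. The function name `buildUpdate`, the `UPDATABLE_FIELDS` constant, the in-memory SQLite database (requires pdo_sqlite) and the use of `password_hash()` are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Columns a caller may update. Identifiers cannot be bound as parameters,
// so every column name that reaches the SQL text must come from this list.
const UPDATABLE_FIELDS = ['username', 'password'];

/**
 * Build "UPDATE <table> SET col=:col, ... WHERE id=:id" plus its parameter array.
 * $table is expected to be a hard-coded name, never request input.
 */
function buildUpdate(string $table, array $data, int $id): array
{
    // Keep only allow-listed keys; anything else never reaches the SQL string.
    $fields = array_intersect_key($data, array_flip(UPDATABLE_FIELDS));
    if ($fields === []) {
        throw new InvalidArgumentException('No updatable fields supplied');
    }
    $assignments = [];
    $params = [':id' => $id];
    foreach ($fields as $column => $value) {
        $assignments[] = "{$column}=:{$column}";
        $params[":{$column}"] = $value;
    }
    // Leading space before WHERE: without it the last placeholder is parsed
    // as ":passwordWHERE" and execute() fails with SQLSTATE[HY093].
    $sql = "UPDATE {$table} SET " . implode(', ', $assignments) . ' WHERE id=:id';
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (id, username, password) VALUES (1, 'old', 'old')");

[$sql, $params] = buildUpdate('users', [
    'username' => 'Jonny',
    // Store a hash rather than the plaintext value (assumption, not in the question).
    'password' => password_hash('Appleseed', PASSWORD_DEFAULT),
    'is_admin' => 1, // not in the allow-list, so it is dropped
], 1);

$stmt = $db->prepare($sql);
$stmt->execute($params);

echo $sql, PHP_EOL;
echo 'rows updated: ', $stmt->rowCount(), PHP_EOL;
```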

Related

PHP/MySQL - How to delete insert if query fails?

I have this code
<?php
class Objekt{
// database connection and table name
private $conn;
private $table_name = "objects";
// object properties
public $id;
public $id_group;
public $title;
public $description;
public $lat;
public $lng;
public $icon;
public $tagsraw;
// constructor with $db as database connection
public function __construct($db){
$this->conn = $db;
}
function create(){
// query to insert record
$query = "INSERT INTO
" . $this->table_name . "
SET
id_group=:id_group, title=:title, description=:description, lat=:lat, lng=:lng, icon=:icon;
SELECT max(id) AS id FROM objects;";
// prepare query
$stmt = $this->conn->prepare($query);
// sanitize
$this->id_group=htmlspecialchars(strip_tags($this->id_group));
$this->title=htmlspecialchars(strip_tags($this->title));
$this->description=htmlspecialchars(strip_tags($this->description));
$this->lat=htmlspecialchars(strip_tags($this->lat));
$this->lng=htmlspecialchars(strip_tags($this->lng));
$this->icon=htmlspecialchars(strip_tags($this->icon));
// bind values
$stmt->bindParam(":id_group", $this->id_group);
$stmt->bindParam(":title", $this->title);
$stmt->bindParam(":description", $this->description);
$stmt->bindParam(":lat", $this->lat);
$stmt->bindParam(":lng", $this->lng);
$stmt->bindParam(":icon", $this->icon);
// execute query
if($stmt->execute()){
//$stmt->execute();
/*
ERROR below here
Uncaught PDOException: SQLSTATE[HY000]: General error
stack trace:
#0 PDOStatement ->fetch(2)
#1 Objekt->create()
*/
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$this->id = $result['id'];
echo "$this->id";
//get tags matches
$tags = [];
$this->tagsraw = preg_replace('/\s+/', '', $this->tagsraw);
$tags = explode(',', $this->tagsraw);
$id_tags = [];
for ($i = 0; $i < sizeof($tags); $i++) {
$query = "SELECT id FROM category WHERE title=" . tags[i];
$stmt = $this->conn->prepare($query);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_OBJ);
$id_tags[i] = $result->id;
}
for ($i = 0; $i < sizeof($id_tags); $i++) {
$query = "INSERT INTO category_object SET id_object=" . $this->id . ", id_category=" . $id_tags[i];
$stmt = $this->conn->prepare($query);
$stmt->execute();
}
return true;
}
return false;
}
What I want to do:
Insert Object and create a relation to a category_object table over foreign keys id_object / id_category
What I would like to improve:
What do I have to do to delete an insert if it fails (where should I put a try/catch or something else)
What is wrong with my fetch? I Select the value from max(id) to get the value of my inserted object, why is it throwing an Exception
I have another Warning why is it telling me that
for ($i = 0; $i < sizeof($id_tags); $i++) {
$query = "INSERT INTO category_object SET id_object=" . $this->id . ", id_category=" . $id_tags[i];
$stmt = $this->conn->prepare($query);
$stmt->execute();
}
will be deprecated in future php versions..
Use transactions.
Any insert/update/delete done within a transaction will not be actually executed against the database until you call commit(), and you can always roll back the changes, abandoning them in case of failure.
In your code, you should be OK with replacing if($stmt->execute()){ with
try {
$this->conn->beginTransaction();
$stmt->execute();
// ...everything else from inside the if statement here...
$this->conn->commit();
return true;
} catch (\Exception $e) {
$this->conn->rollback();
return false;
}
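An added example of the transaction pattern from this answer (not the answerer's code), going slightly beyond it: the new id comes from `lastInsertId()` instead of `SELECT max(id)`, and the tag lookups use bound parameters instead of string concatenation. The function name `createObjectWithTags`, the reduced table columns and the in-memory SQLite database (requires pdo_sqlite) are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Insert an object and link it to existing categories, all or nothing.
 * Returns the new object id; rolls back and rethrows on any failure.
 */
function createObjectWithTags(PDO $db, string $title, array $tags): int
{
    $db->beginTransaction();
    try {
        $insert = $db->prepare('INSERT INTO objects (title) VALUES (:title)');
        $insert->execute([':title' => $title]);
        // Id generated on this connection, so concurrent writers cannot skew it.
        $objectId = (int) $db->lastInsertId();

        $findCategory = $db->prepare('SELECT id FROM category WHERE title = :title');
        $link = $db->prepare(
            'INSERT INTO category_object (id_object, id_category) VALUES (:o, :c)'
        );
        foreach ($tags as $tag) {
            $findCategory->execute([':title' => $tag]);
            $categoryId = $findCategory->fetchColumn();
            if ($categoryId === false) {
                throw new RuntimeException("Unknown category: {$tag}");
            }
            $link->execute([':o' => $objectId, ':c' => $categoryId]);
        }
        $db->commit();
        return $objectId;
    } catch (Throwable $e) {
        // Undo the object row and any links written so far.
        $db->rollBack();
        throw $e;
    }
}

// Constructed schema and data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE objects (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE category_object (id_object INTEGER, id_category INTEGER)');
$db->exec("INSERT INTO category (title) VALUES ('park'), ('museum')");

$id = createObjectWithTags($db, 'City garden', ['park', 'museum']);
echo "created object {$id}", PHP_EOL;

try {
    createObjectWithTags($db, 'Orphan', ['park', 'no-such-tag']);
} catch (RuntimeException $e) {
    echo 'rolled back: ', $e->getMessage(), PHP_EOL;
}
// The failed call leaves no partial rows behind.
echo 'objects stored: ', $db->query('SELECT count(*) FROM objects')->fetchColumn(), PHP_EOL;
```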

PDO general error when using fetch after insert

I'm trying to fetch data from the db using fetchAll(), which works unless I try to do so right after an insert query. The error I keep getting is a "General error". I read online that this is a known issue:
It seems that if you do a $statement->query() with an INSERT statement and after that a $statement->fetch() you will get an exception saying: SQLSTATE[HY000]: General error. source
Is there any way to go around this?
My code
First I'm running an insert query:
INSERT INTO question (`qid`, `question`, `category`, `subcategory`, `explanation`, `answer_type`, `answer_options`, `answer_nav`, `answer_optional`) VALUES ('65', 'TEST', 'wisselvraag', 'wk 1 - wk 1', '<strong>Let op! Maak aantekening bij vraag.</strong>', 'yes_no', '{null,null}', '', '1')
private function get($columns = "*", $dump = false)
{
$this->select($columns);
$this->prepareSQL();
if ($dump === true) {
$this->dumpSQL();
return [];
}
$this->stmt = $this->getPdo()->prepare($this->query);
$this->stmt->execute();
$this->incrementAmountOfQueries();
return $this->stmt->fetchAll(\PDO::FETCH_ASSOC);
}
Right after doing that I run a SELECT query:
SELECT question.* FROM question JOIN questionlist_question ON questionlist_question.`question_id` = question.`id` WHERE question.`category` = 'wisselvraag' AND questionlist_question.`questionlist_id` = '7' ORDER BY question.`qid` DESC LIMIT 1
To
$this->stmt->execute();
$this->stmt->fetchAll(\PDO::FETCH_ASSOC);
My data. The fetchAll() seems to be the problem.
/**
* prepare an INSERT query
* @param array $data
* @return bool
*/
private function insert(Array $data)
{
$fields = "";
$values = "";
foreach ($data as $field => $value) {
$value = htmlentities($value);
$fields .= "`$field`, ";
$values .= "'$value', ";
}
$fields = trim($fields, ", ");
$values = trim($values, ", ");
$this->insert = "($fields) VALUES ($values)";
$this->incrementAmountOfQueries();
return $this->execute();
}
/**
* Execute a query
* @return bool
*/
private function execute()
{
$this->prepareSQL();
// print($this->query);
// exit;
$this->stmt = $this->getPdo()->prepare($this->query);
return $this->stmt->execute();
}
$this->stmt
$this->stmt is defined as $this->stmt = $this->getPdo()->prepare($this->query);
getPdo()
/**
* Get PDO instance
* @return \PDO
*/
private function getPdo()
{
if (!$this->pdo) {
try {
$this->pdo = new \PDO($this->dsn, $this->username, $this->password);
$this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
} catch (\Exception $err) {
print_r($err);
exit;
}
}
return $this->pdo;
}
$this->query
private function prepareSQL()
{
$sql = "";
if ($this->insert) {
if ($this->table) {
$sql .= "INSERT INTO " . $this->table;
$sql .= " " . $this->insert;
}
} else {
if ($this->select) $sql .= "SELECT " . $this->select;
if ($this->table) $sql .= " FROM " . $this->table;
if ($this->join) $sql .= " " . $this->join;
if ($this->where) $sql .= " " . $this->where;
if ($this->order) $sql .= " " . $this->order;
if ($this->limit) $sql .= " LIMIT " . $this->limit;
}
$this->query = $sql;
return $this;
}
Yes.
I suppose you are returning this value from a function. Well, return a statement instead. And then chain a fetchAll() to your function call later, if you need to get the rows. You won't believe how enormously flexible your function will become.
You can check an example section for this kind of function: all this stuff is available only thanks to a statement returned.
You may also like to read my other article, Your first database wrapper's childhood diseases, as I am sure your wrapper has other issues.
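A sketch of the "return a statement" approach this answer describes, added here as an example and not taken from the answer or its linked article: the helper returns the PDOStatement, so an INSERT is never followed by a fetch, and values are bound instead of being passed through htmlentities() and quoted into the SQL. The function name `run`, the reduced `question` table and the in-memory SQLite database (requires pdo_sqlite) are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Prepare and execute, then hand the PDOStatement back to the caller.
 * The caller decides whether there is a result set to fetch.
 */
function run(PDO $pdo, string $sql, array $params = []): PDOStatement
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

// Constructed schema for the demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE question (id INTEGER PRIMARY KEY, qid INTEGER, question TEXT, explanation TEXT)'
);

// INSERT: no fetch call at all, only the affected-row count is read.
$inserted = run(
    $pdo,
    'INSERT INTO question (qid, question, explanation) VALUES (:qid, :question, :explanation)',
    [':qid' => 65, ':question' => 'TEST', ':explanation' => "<strong>it's raw</strong>"]
)->rowCount();

// SELECT: chain fetchAll() onto the returned statement.
$rows = run($pdo, 'SELECT qid, explanation FROM question WHERE qid = :qid', [':qid' => 65])
    ->fetchAll(PDO::FETCH_ASSOC);

// The bound value is stored unchanged, quote included; HTML escaping is
// applied when the value is rendered, not before it is stored.
echo 'inserted rows: ', $inserted, PHP_EOL;
echo htmlspecialchars($rows[0]['explanation'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```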

PHP database connection class bind_param

I would like to write a database connection class and I don't understand how I have to write the select method with bind_param-s. Here is the full code. And here the part of the code where I need the help:
public function select($sql){
$db = $this->connect(); // This method connects to the DB
$stmt = $db->prepare($sql);
if($stmt === false){ // If the prepare failed
trigger_error("Wrong SQL", E_USER_ERROR);
}
$error = $stmt->bind_param("i", $id);
if($error){
return "Error: ".$stmt->error, $stmt->errno;
}
$err = $stmt->execute();
if($error){
return "Error: ".$stmt->error, $stmt->errno;
}
$result = $stmt->bind_result($id);
$stmt->close();
$dbConnection->closeConnection($db);
return $result;
}
I need to get it parameters, or how can I solve it?
You need to pass your values into this function too. And eventually bind them into prepared statement.
Optionally you can pass string with types, but by default all "s" will do.
Also remember that you should connect only ONCE per script execution, and then use one single connection all the way throughout your code.
And get rid of all these error checks. Set mysqli in exception mode instead.
public function q($sql, $values = array(), $types = NULL)
{
$stm = $this->mysql->prepare($sql);
if (!$types)
{
$types = str_repeat("s", count($values));
}
if (strnatcmp(phpversion(),'5.3') >= 0)
{
$bind = array();
foreach($values as $key => $val)
{
$bind[$key] = &$values[$key];
}
} else {
$bind = $values;
}
array_unshift($bind, $types);
call_user_func_array(array($stm, 'bind_param'), $bind);
$stm->execute();
return $stm->get_result();
}
so it can be used like this
$res = $db->q("SELECT name FROM users WHERE id=?", [$id]);
or
$res = $db->q("SELECT name FROM users WHERE id=?", [$id], "i");
your other functions have to be changed as well.
class DB{
public $con;
function __construct()
{
$this->con = new mysqli("localhost", "root", "", "proba_fferenc");
}
public function select(...)
{
// as shown above
}
}

how to bind in mysqli dynamically

I'm in the middle of creating a custom Database Class to suit the requirements of the company I'm developing for. I currently have this:
class DBC {
protected $Link;
protected $Results;
public function __construct($Host = null,$User = null ,$Pass = null,$Database = null){
if ($Host === null OR $User === null OR $Pass === null OR $Database === null){
trigger_error("Incorrect Parameters Passed In The Database Link", E_USER_WARNING);
}
if (is_string($Host) AND is_string($User) AND is_string($Pass) AND is_string($Database)){
$this->Link = new mysqli($Host,$User,$Pass,$Database);
}else{
trigger_error("Expecting String(s), Array passed in one or more connection parameters",E_USER_ERROR);
}
}
public function Query ($Query,$Params){
$Query = $this->Link->prepare($Query);
$Query->bind_param();
}
}
Now.. I'm having a problem with how to successfully bind the parameters to the prepared statement.. For example, A Query will be submitted with this:
$DB = new DBC("Host","User","pass","database");
$DB->Query("SELECT * FROM Test WHERE Col=?",array("SearchCriteria"));
I've hit a block with figuring out how to bind_param and bind_result based on the results. A more clear insight is the normal procedure of MySQLi:
$SearchCriteria = "String";
$Query = $Database->prepare("SELECT * FROM Test WHERE Col=?");
$Query->bind_param('s',$SearchCriteria);
$Query->execute();
$Query->bind_result(/* Variables to match the column set */);
$Query->fetch();
$Query->close();
How can I bind the results and params to the prepared statement?
Below are copies of functions I use in a class that extends the mysqli class which do what you are asking.
function bind_placeholder_vars(&$stmt,$params,$debug=0) {
// Credit to: Dave Morgan
// Code ripped from: http://www.devmorgan.com/blog/2009/03/27/dydl-part-3-dynamic-binding-with-mysqli-php/
if ($params != null) {
$types = ''; //initial string with types
foreach ($params as $param) { //for each element, determine type and add
if (is_int($param)) {
$types .= 'i'; //integer
} elseif (is_float($param)) {
$types .= 'd'; //double
} elseif (is_string($param)) {
$types .= 's'; //string
} else {
$types .= 'b'; //blob and unknown
}
}
$bind_names = array();
$bind_names[] = $types; //first param needed is the type string
// eg: 'issss'
for ($i=0; $i<count($params);$i++) { //go through incoming params and add them to the array
$bind_name = 'bind' . $i; //give them an arbitrary name
$$bind_name = $params[$i]; //add the parameter to the variable variable
$bind_names[] = &$$bind_name; //now associate the variable as an element in an array
}
if ($debug) {
echo "\$bind_names:<br />\n";
var_dump($bind_names);
echo "<br />\n";
}
//error_log("better_mysqli has params ".print_r($bind_names, 1));
//call the function bind_param with dynamic params
call_user_func_array(array($stmt,'bind_param'),$bind_names);
return true;
}else{
return false;
}
}
function bind_result_array($stmt, &$row) {
// Credit to: Dave Morgan
// Code ripped from: http://www.devmorgan.com/blog/2009/03/27/dydl-part-3-dynamic-binding-with-mysqli-php/
$meta = $stmt->result_metadata();
while ($field = $meta->fetch_field()) {
$params[] = &$row[$field->name];
}
call_user_func_array(array($stmt, 'bind_result'), $params);
return true;
}
However, it sounds like you are doing something similar to what I have already done and have been using in many projects for a while now. Copy the contents of this pastebin (better_mysqli.php) into a new file and name it 'better_mysqli.php'
Then use it in your php program like so:
// include the class
include_once('better_mysqli.php');
// instantiate the object and open the database connection
$mysqli = new better_mysqli('yourserver.com', 'username', 'password', 'db_name');
if (mysqli_connect_errno()) {
die(sprintf("Can't connect to MySQL Server. Errorcode: %s\n", mysqli_connect_error()));
}
// do a select query
$sth = $mysqli->select('select somecol, othercol from sometable where col1=? and col2=?', $row, array('col1_placeholder_value', 'col2_placeholder_value'));
while ($sth->fetch()) {
echo "somecol: ". $row['somecol'] ."<br />\n";
echo "othercol: ". $row['othercol'] ."<br />\n";
}
// the nice thing about this class is that the statement is only prepared once so if you use it again the already prepared statement is automatically used:
// do another select query with different placeholder values
$sth = $mysqli->select('select somecol, othercol from sometable where col1=? and col2=?', $row, array('other_col1_placeholder_value', 'other_col2_placeholder_value'));
while ($sth->fetch()) {
echo "somecol: ". $row['somecol'] ."<br />\n";
echo "othercol: ". $row['othercol'] ."<br />\n";
}
// the class supports the following methods: select, update, insert, and delete
// example delete:
$mysqli->delete('delete from sometable where col1=?', array('placeholder_val1'));

Fatal error: Call to a member function getOne() on a non-object [duplicate]

This question already has answers here:
Call to a member function on a non-object [duplicate]
(8 answers)
Closed 10 years ago.
I'm new to PHP OOP. Here I wanted to do database connectivity with a singleton class, but I got an error like this:
Fatal error: Call to a member function getOne() on a non-object in C:\xampp\htdocs\singleton\new\singleton_db.php
Here I have given two files:
1. singleton_db.php
<?php
class database
{
public $query;
public $results;
public $conn;
public static $database;
//connect to the database
public function __construct()
{
$this->conn = mysql_connect('localhost','root','');
if ($this->conn)
{
mysql_select_db('test1');
}
}
public static function instance()
{
if (!isset(self::$database)) {
self::$database = new database();
}
return self::$database;
}
function getOne($sql) {
$result = $this->conn->getOne($sql); //Error in this line
if(database::isError($result)) {
throw new Exception($result->getMessage(), $result->getCode());
}
return $result;
}
function startTransaction() {
//autoCommit returns true/false if the command succeeds
return $this->conn->autoCommit(false);
}
function commit() {
$result = $this->conn->commit();
if(database::isError($result)) {
throw new Exception($result->getMessage(), $result->getCode());
}
$this->conn->autoCommit(true);
return true;
}
function abort() {
$result = $this->conn->rollback();
if(database::isError($result)) {
throw new Exception($result->getMessage(), $result->getCode());
}
return true;
}
//returns numerically indexed 1D array of values from the first column
public function insert($table, $arFieldValues) {
$fields = array_keys($arFieldValues);
$values = array_values($arFieldValues);
// Create a useful array of values
// that will be imploded to be the
// VALUES clause of the insert statement.
// Run the mysql_real_escape_string function on those
// values that are something other than numeric.
$escVals = array();
foreach($values as $val) {
if(! is_numeric($val)) {
//make sure the values are properly escaped
$val = "'" . mysql_real_escape_string($val) . "'";
}
$escVals[] = $val;
}
//generate the SQL statement
$sql = " INSERT INTO $table (";
$sql .= join(', ', $fields);
$sql .= ') VALUES(';
$sql .= join(', ', $escVals);
$sql .= ')';
$hRes = mysql_query($sql);
if(! is_resource($hRes)) {
$err = mysql_error($this->conn) . "\n" . $sql;
throw new Exception($err);
}
return mysql_affected_rows($hRes);
}
}
2. data.php
<?php
require_once('singleton_db.php');
try {
$db = database::instance();
} catch (Exception $e) {
// No point continuing...
die("Unable to connect to the database.");
}
$sql = "SELECT count(1) FROM mytable";
$count = $db->getOne($sql);
print "There are $count records in mytable!<br>\n";
// start a transaction
$db->startTransaction();
// do an insert and an update
try {
$arValues = array();
$arValues['id'] = '#id#';
$arValues['myval'] = 'blah blah blah';
$newID = $db->insert('mytable', $arValues);
print "The new record has the ID $newID<br>\n";
// update the record we just created
$arUpdate = array();
$arUpdate['myval'] = 'foobar baz!';
$affected = $db->update('mytable', $arUpdate, "id = $newID");
print "Updated $affected records<br>\n";
// write the changes to the database
$db->commit();
} catch (Exception $e) {
// some sort of error happened - abort the transaction
// and print the error message
$db->abort();
print "An error occurred.<br>\n" . $e->getMessage();
}
?>
What could I do to fix this ?
Your problem is you haven't defined the getOne(); method properly. The property $this->conn is just the result of the mysql_connect() function, which is a "MySQL link identifier on success, or FALSE on failure". It is not an object, and as such, you cannot ask it for the getOne(); method.
