I am updating some code from the old mysql_* functions to PDO. It connects without a problem, runs the query without a problem, but the resultset is empty. PDO::query() is supposed to return a PDOStatement object, yet I am getting true in return. No errors are reported.
Here is my code:
try
{
$DB = new PDO("mysql:host=localhost;dbname=dbname", "user", "pass");
$stmt = $DB->prepare("SELECT * FROM report_clientinfo");
$stmt->execute();
}catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
echo gettype($stmt) . "\n";
if ($stmt) echo "true\n";
else echo "false\n";
$resultset = $stmt->fetchAll();
if(empty($resultset))
{
exit("ERROR: getClientInfo query failed.");
}
$DB = null;
print_r($resultset);
The output I am seeing is:
object
true
ERROR: getClientInfo query failed.
Any ideas why it is not returning any results?
object
true
ERROR: getClientInfo query failed.
It looks to me like your PDOStatement $stmt variable is in fact reported to be an object, not "true". The code then prints "true" when it sees that $stmt is non-null, which it is, because it's an object.
I recommend that you check the return value from $stmt->execute(). You might have an SQL error. For example, if you misspelled the table name, or the table doesn't exist in the database "dbname" that you connected to, or the user you login as doesn't have privilege to query that table.
Also check $stmt->errorInfo() to get more details on any error that occurred.
I'm a little embarrassed to report back that I was pointing to the wrong DSN. I guess that's what I get for trying to learn something new on just a few hours of sleep after going out for New Year's Eve. Thanks for the tip on the PDOStatement::errorInfo() method, I had not noticed it before.
Related
I have a prepared query with 3 result sets. I used fetch() for the first two since they only have one row each and they are appearing correctly in the View. For the 3rd result set, it consists of several transaction rows and I used fetchAll(), but it is empty, nothing appears in the view.
I tried modifying the proc to only return this transaction list, so in my code, I only called fetchAll(), but it is still empty. I've also tried running the EXEC statement in MS SQL Management Studio, and I can confirm that the 3rd query was supposed to return rows. I also didn't use fetchColumn() anywhere in the code. rowCount() returns 0.
I am now stuck. Please help.
Code snippet below:
try {
$conn = new PDO($dsn,$un,$pw);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
print("Error connecting to SQL Server.");
die(print_r($e));
}
$stmt = $conn->prepare("EXEC SomeStoredProc ?,?,?");
$stmt->execute([$id,$fromDate,$toDate]);
$firstResult_ = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->nextRowset();
$secondResult = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->nextRowset();
$transactions = $stmt->fetchall(PDO::FETCH_ASSOC);
$sample = $stmt->rowCount(); //returns 0
Please take a look at my code:
try {
// db connection here
$stm = $dbh->prepare("INSERT INTO mytable(id,token) values(NULL,$token)")->execute();
} catch(PDOException $e){
if ( $stm ){
echo 'inserting fails';
} else {
echo 'something else is wrong';
}
}
-- `token` column is unique
Current outputs:
The row inserted successfully.
It prints something else is wrong error for both {duplicate entry} and {SQL syntax}
Expected outputs:
The row inserted successfully.
It prints inserting fails error for {duplicate entry}
It prints something else is wrong error for {SQL syntax}
Ok, if I write my code like following (without chaining), then expected output happens:
$stm = $dbh->prepare("INSERT INTO mytable(id,token) values(NULL,$token)");
$stm->execute();
Well I want to know, when can I chain those PDO statements?
An exception can only be thrown in either the prepare or execute methods. Either of those is going to happen before $stm =. In other words, if an exception is going to be thrown, the assignment to $stm is always going to be skipped, meaning the variable doesn't exist at all in your catch block. Therefore it can only evaluate to false, and will in fact produce a notice about being undefined.
Read the PDO documentation http://php.net/manual/en/book.pdo.php and look at the return values. You can only chain when an object is returned such as a statement or resultset.
Execute (http://php.net/manual/en/pdostatement.execute.php) returns a boolean, not an object so we know it cannot be chained.
Prepare (http://php.net/manual/en/pdo.prepare.php) returns a statement object, so we can use the return statement to chain on another method call.
Think of it like this:
$stmt = $dbh->prepare("..sql..");
$bool = $stmt->execute();
This can translate into:
$bool = $dbh->prepare("..sql..")->execute();
As the return from ->prepare() is the the $stmt.
The reason you aren't getting your expected output is that the way you have it written, any time you get a PDOException, $stm can never be true. If either the prepare or the execute fails, then $stm will be undefined.
I originally thought that you could fix this by removing the check for execute success from the catch block, but I was mistaken. You cannot get your expected output while still chaining the methods.
try {
$success = $dbh->prepare("INSERT INTO mytable(id,token) values(NULL,$token)")->execute();
if (!$success) {
// This can never be reached. If your have set PDO::ERRMODE_EXCEPTION, then either
// the query is successful and $success === true, or the prepare or the execute
// failed, and an exception will be thrown
echo 'inserting fails';
}
} catch(PDOException $e){
echo 'something else is wrong';
}
Just for the record. To answer the question the guy tried to ask.
A code from my article on PDO (also fixing an SQL injection):
try {
$dbh->prepare("INSERT INTO mytable(token) values(?)")->execute([$token]);
} catch (PDOException $e) {
if ($e->getCode() == 1062) {
// insert failed due to duplicate key error
echo "duplicate token";
} else {
// insert failed due to any other error
throw $e;
}
}
I'm trying to implement pagination using PHP. I found that calling exec to the connected database prevents the further query calls from working.
The piece of code at hand:
<?php
// Pagination logic
//Here we count the number of results
$query = "SELECT COUNT(*) as num FROM gig";
$total_pages = $db->exec($query);
$total_pages = $total_pages[num];
?>
After it if I try to use a query such as:
<?php>
foreach ($db->query("SELECT sname, start, venue FROM gig WHERE start = '0000-00-00 00:00:00'") as $a) {
$row="<tr><td>$a[sname]</td><td>To be announced</td><td>$a[venue]</td></tr>\n";
print $row;
}
?>
it returns
Warning: Invalid argument supplied for foreach()
As soon as the first code block is removed, the query works fine. When I check the value of $total_pages, it's 0, so something must be going wrong along the way. As far as I know, I use it in the same way as the query(which works on its own), so is there any reason why it doesn't work?
The PDO is initialized in the following way:
try {
$db = new PDO("mysql:dbname=$db_name;host=$db_server", $db_user, $db_pw);
} catch (PDOException $e) {
die('Connection failed: ' . $e->getMessage());
}
session_start();
From Manual
PDO::exec() does not return results from a SELECT statement. For a
SELECT statement that you only need to issue once during your program,
consider issuing PDO::query(). For a statement that you need to issue
multiple times, prepare a PDOStatement object with PDO::prepare() and
issue the statement with PDOStatement::execute().
Used a function of the STATEMENT object had after using querying to count the rows instead of exec:
$dbq = $db->query("SELECT * FROM gig");
$rows = $dbq->rowCount();
About the latter code block not working because of the exec failing - it seems to just be the way php queries work, if one fails, all fail. The foreach() error is for the object it's provided is not an array, for it failed.
I managed to run the following code to insert into my table on first try. Then, I deleted that row in PHPMyAdmin to test my code further. I also noticed that it didn't get deleted on the 1st try. Only after few try. This might be due to I didn't set the $pdoHandle to NULL after I'm done with the query.
Then, unfortunately I couldn't insert new row on subsequent run. I even tried to change the input value and to avail I was unable to insert new row. The following are my PHP codes:
public function CreateNewCustomer($userId,$password,$name,$email)
{
$userId = filter_var($userId,FILTER_SANITIZE_STRING);
$password = filter_var($password,FILTER_SANITIZE_STRING);
$password = sha1($password);
$name = filter_var($name,FILTER_SANITIZE_STRING);
$email = filter_var($email,FILTER_SANITIZE_EMAIL);
do{
$customerId = hexdec(bin2hex(openssl_random_pseudo_bytes(4,$isStrong)));
echo $customerId;
$result = $this->connObject->exec("SELECT COUNT(id) FROM customer_tbl WHERE id=$customerId");
var_dump($result);
}while($result>0);
$statement = $this->connObject->prepare("INSERT INTO customer_tbl (id,name,email) VALUES ($customerId,:name,:email)");
$result = $statement->execute(array(':name'=>$name,':email'=>$email ));
var_dump($result);
$statement = $this->connObject->prepare("INSERT INTO login_tbl (username,password,customer_id) VALUES (:userName,PASSWORD(:password),$customerId)");
$result = $statement->execute(array(':userName'=>$userId,':password'=>$password ));
var_dump($result);
}
I used the following code to access the above method.
function Test($userName,$password,$name,$email)
{
try
{
$dbConnect = new DbConnect();
$pdoHandle = $dbConnect->Connect();
$userAccess = new UserAccess($pdoHandle);
$userAccess->CreateNewCustomer($userName,$password,$name,$email);
}
catch(PDOException $e)
{
$pdoHandle = null;
var_dump($e);
}
$pdoHandle = null;
}
Test('tester','password','TestX','test#example.com');
The var_dump of results is always false.
Is there any problem with my codes or is it something wrong with the database?
UPDATE/SOLUTION:
I just read through the PHP document on PDO::exec() and one of the user contributed notes mentioned that you can't use any SELECT statements (even thou the above only returns the count value) and any statements which might return a rows. The return value of PDO::exec() is the number of affected rows (integer), so the PDOStatement::closeCursor() can't be used to solve it. Even when I set the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY=>true, it still doesn't work.
So, don't use PDO::exec() for any SELECT. I changed my code to PDO::query() instead as below,
do{
$customerId = hexdec(bin2hex(openssl_random_pseudo_bytes(4,$isStrong)));
$statement = $this->connObject->query("SELECT COUNT(id) FROM customer_tbl WHERE id=$customerId");
$statement->execute();
}while($statement->fetchColumn(0)>0);
Hope this would be helpful to anyone looking for a solution with similar problem and always remember to read the PHP document first including the user contributions.
Maybe not the answer but here are some things that you can do if you cannto see an obvious error:
If execute returns false, you can get more information about the error that happened by:
$arr = $statement->errorInfo();
print_r($arr);
or you can set different error reporting modes (e.g. throw an exception instead of the defaultsilent mode):
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
$dbh = new PDO($dsn, $user, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
This should help you to find the "real" error.
As it turned out (see comments below question), in this case the real error was:
"Cannot execute queries while other unbuffered queries are active.
Consider using PDOStatement::fetchAll(). Alternatively, if your code
is only ever going to run against mysql, you may enable query
buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY"
In this case you have 2 options:
you can set the option to use buffered queries
$dbh = new PDO(’mysql:host=localhost;dbname=test’, ‘root’, ” ,array(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true))
or change your code and close an open cursor (may depend on the db driver you are using). You always should read the documentation which covers a lot of default problems.
Hope this helps.
I'm assuming the method is inside the UserAccess class and the connection you pass in is set to the local $this->connObject.
I suspect after you deleted the record, $customerId is being set to null in your interesting do-while loop with the select statement. If the id column in the DB is a non-null primary key field and you try to insert an explicit null it will fail.
Also, no need to keep setting your DB connection to null... this isn't C and connections aren't persistent (unless you explicitly declare them as such).
With the following piece of code, how do i know that anything was inserted in to the db?
if ($stmt = $connection->prepare("insert into table (blah) values (?)")) {
$stmt->bind_param("s", $blah);
$stmt->execute();
$stmt->close();
}
I had thought adding the following line would have worked but apparently not.
if($stmt->affected_rows==-1){$updateAdded="N"; echo "failed";}
And then use the $updatedAdded="N" to then skip other pieces of code further down the page that are dependent on the above insert being successful.
Any ideas?
The execute() method returns a boolean ... so just do this :
if ($stmt->execute()) {
// it worked
} else {
// it didn't
}
Update: since 2022 and beyond, a failed query will throw an error Exception. So you won't have to write any code to "skip other pieces of code further down the page" - it will be skipped automatically. Therefore you shouldn't add any conditions and just write the code right away:
$stmt = $connection->prepare("insert into table (blah) values (?)");
$stmt->bind_param("s", $blah);
$stmt->execute();
If you need to do something in case of success, then just do it right away, like
echo "success";
You will see it only if the query was successful. Otherwise it will be the error message.
Check the return value of $stmt->execute()
if(!$stmt->execute()) echo $stmt->error;
Note that line of code does perform the execute() command so use it in place of your current $stmt->execute() not after it.
Starting on PHP/8.1.0, the default setting is to throw exceptions on error, so you don't need to do anything special. Your global exception handler will take care of it, or you can try/catch for specific handling.
For older versions, you can check the manual pages of whatever function you are using:
prepare() - returns a statement object or FALSE if an error occurred.
bind_param() - Returns TRUE on success or FALSE on failure.
execute() - Returns TRUE on success or FALSE on failure.
close() - Returns TRUE on success or FALSE on failure.
In practice, though, this gets annoying and it's error prone. It's better to configure mysqli to throw exceptions on error and get rid of all specific error handling except for the few occasions where an error is expected (e.g., a tentative insert that might violate a unique constraint):
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Default value used to be MYSQLI_REPORT_OFF. On PHP/8.1.0 it changed to MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT.
You can check the returned value after the execute :
if ($stmt->execute()) {
// ok :-)
$count = $stmt->rowCount();
echo count . ' rows updated properly!';
} else {
// KO :-(
print_r($stmt->errorInfo());
}
if you mean that you want to know the number of affected rows you can use rowCount on the pdo statement
$stmt->rowCount();
after execute;
if you are talking about error handling I think the best option is to set the errmode to throwing exteptions and wrap everything in a try/catch block
try
{
//----
}
catch(PDOException $e)
{
echo $e->getMessage();
}
Other way:
if ($stmt->error){
echo "Error";
}
else{
echo "Ok";
}