#1
    Contributing User (Devshed Newbie, 0 - 499 posts)
    Join Date: Jul 2006 | Posts: 68 | Rep Power: 9

    Problem changing to pdo


    Hi,
    I'm having a problem changing my code to PDO; for the life of me I can't get it to work. I have this code working great in good old PHP but no luck whatsoever in PDO. Any help on getting this to work would be great. I think it has to do with fetch and also the delete. What I'm trying to get this to do is grab the member's rows from the database and give them the option to delete them. Thanks. (Sorry for the messy coding.)
    errors:
    Code:
    Notice: Undefined variable: result in C:\xampp\htdocs\memdelphotos1.php on line 46
    
    Notice: Undefined variable: delete in C:\xampp\htdocs\memdelphotos1.php on line 66
    PHP code:
    <?php
    require("common.php");
    if(empty($_SESSION['user']))
    {
        header("Location: login.php");
        die("Redirecting to login.php");
    }
    $query = "
        SELECT
            invoicenumber,
            package,
            purchasedate,
            duedate,
            invoiceamount
        FROM users
        WHERE
            id = :user_id
    ";

    try
    {
        $stmt = $db->prepare($query);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    ?>
    <table width="938" border="0" cellspacing="1" cellpadding="0">
    <tr>
    <td><form name="form1" method="post" action="">
    <table width="938" border="0" cellpadding="3" cellspacing="1" bgcolor="#000000">
    <tr>
    <td align="left" bgcolor="#3576B4" width="26"><font color="#FFFFFF" size="2"><strong></strong></td>
    <td align="left" bgcolor="#3576B4" width="95"><font color="#FFFFFF" size="2"><strong>Invoice:</strong></font></td>
    <td align="left" bgcolor="#3576B4" width="102"><font color="#FFFFFF" size="2"><strong>Package:</strong></font></td>
    <td align="left" bgcolor="#3576B4" width="271"><font color="#FFFFFF" size="2"><strong>Purchase Date:</strong></font></td>
    <td align="left" bgcolor="#3576B4" width="79"><font color="#FFFFFF" size="2"><strong>Due Date:</strong></font></td>
    <td align="left" bgcolor="#3576B4" width="79"><font color="#FFFFFF" size="2"><strong>Invoice Amount:</strong></font></td>
    </tr>
    <?php
    while($rows = $stmt->fetch($result)){
    ?>
    <tr>
    <td align="center" bgcolor="#f8f8f8" width="26">
    <input name="checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo htmlentities($rows['id']); ?>" style="float: left"></td>
    <td bgcolor="#f8f8f8" width="95"><font size="2"><?php echo htmlentities($rows['invoicenumber'], ENT_QUOTES, 'UTF-8'); ?></font></td>
    <td bgcolor="#f8f8f8" width="102"><font size="2"><?php echo htmlentities($rows['package'], ENT_QUOTES, 'UTF-8'); ?></font></td>
    <td bgcolor="#f8f8f8" width="271"><font size="2"><?php echo htmlentities($rows['purchasedate'], ENT_QUOTES, 'UTF-8'); ?></font></td>
    <td bgcolor="#f8f8f8" width="240"><font size="2"><?php echo htmlentities($rows['duedate'], ENT_QUOTES, 'UTF-8'); ?></font></td>
    <td bgcolor="#f8f8f8" width="240"><font size="2"><?php echo htmlentities($rows['invoiceamount'], ENT_QUOTES, 'UTF-8'); ?></font></td>
    </tr>
    <?php
    }
    ?>
    <tr>
    <td colspan="6" align="center" bgcolor="#f8f8f8">
    <input name="delete" type="submit" id="delete" value="Delete" style="float: left"></td>
    </tr><?php

    if($delete){
        for($i=0;$i<$count;$i++){
            $del_id = $checkbox[$i];
            $query = "
                DELETE FROM
                    users
                WHERE
                    id = :$del_id And
                    username = :username
            ";
            $query_params = array(
                ':checkbox' => $_POST['checkbox'],
                ':delete'   => $_POST['delete'],
                ':username' => $_POST['username']
            );
            try
            {
                $stmt = $db->prepare($query);
                $result = $stmt->execute($query_params);
            }
            catch(PDOException $ex)
            {
                die("Failed to run query: " . $ex->getMessage());
            }
        }
    }

    ?></table>
    </form>
    </td>
    </tr>
    </table>
    </div>
#2
    Jealous Moderator (Devshed Supreme Being, 6500+ posts)
    Join Date: Mar 2007 | Location: Washington, USA | Posts: 14,302 | Rep Power: 9400
    The first one with $result is because you're trying to fetch from a resultset that you haven't queried for yet. The second is because the $delete variable will not be created for you when someone clicks the corresponding button; you have to look in $_POST like for pretty much everything else.
#3
    -- (Devshed Expert, 3500 - 3999 posts)
    Join Date: Jul 2012 | Posts: 3,959 | Rep Power: 1014
    Hi,

    there's actually a whole lot of issues. To name just a few:

    • Your DELETE statement is vulnerable to SQL injections (through $del_id).
    • The bound parameters in the same statement are broken. ":$del_id" creates invalid parameter names like ":0", ":1", ..., and the values for ":checkbox" and ":delete" aren't used anywhere.
    • $checkbox and $delete aren't defined anywhere. I hope you're not using register_globals!?
    • $_POST['checkbox'] is an array. You cannot pass it to a bound parameter.

    I think the main problem is that you've written down a bunch of code in one go without ever testing it. Now you're left with 100 lines of broken stuff and no clue of what to do next.

    Write your code step by step and test each part before you move on.

    First of all, get familiar with PDO. You need to actually understand it and not just copy and paste code from E-Oreo. After that, generate your list. No deletion stuff, just a plain list. And if that works, you can go on with the delete functionality. At each step, check the correctness of the code: Does the form send the correct data? Do the variables have the right values? Is the query correct? And so on.

    Writing down 100 lines of code in one go may work if you're very experienced and rarely make mistakes. But that's not the case (no offense), so it's important to catch errors early.

    Also, please get rid of all the "try-catch" stuff. It's dangerous, and it's completely useless. I know it's very popular in the PHP community, but that's because everybody just blindly copies and pastes each other's code without ever checking if it actually makes sense. This way bad practices and nonsense spread like wildfire. See the "errors and exceptions" link in my signature.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
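An added example, written by the editor and not taken from the thread or from E-Oreo's tutorial, showing the two pieces the replies above ask for: a listing query whose parameter is handed to execute() before anything is fetched (the cause of the "Undefined variable: result" notice), and a delete that accepts the checkbox[] array, generates one placeholder per id, and checks ownership against the session rather than a posted username. Everything below is assumed for illustration: a hypothetical invoices table with a user_id column (the original keeps the invoice columns on users), the logged-in user's id in $_SESSION['user']['id'], a $db PDO handle (in the original it comes from common.php), and the pdo_sqlite extension for the constructed in-memory demo data at the bottom.

```php
<?php
declare(strict_types=1);
// Added example for the thread above; not the original poster's code.
// Assumed schema: invoices(id, user_id, invoicenumber, invoiceamount).
// Assumed environment: $db is a PDO handle (common.php in the original post)
// and $_SESSION['user']['id'] holds the logged-in user's id.

function listInvoices(PDO $db, int $userId): array
{
    // The parameter goes to execute(); calling fetch() on a statement that
    // was prepared but never executed is the mistake behind the OP's
    // "Undefined variable: result" notice.
    $stmt = $db->prepare(
        'SELECT id, invoicenumber, invoiceamount
           FROM invoices
          WHERE user_id = :user_id
          ORDER BY id'
    );
    $stmt->execute([':user_id' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function deleteOwnedInvoices(PDO $db, int $userId, array $ids): int
{
    // checkbox[] arrives as an array and cannot be bound as one parameter.
    // Validate each entry, then emit one "?" placeholder per id; the values
    // are still passed to execute(), never interpolated into the SQL text.
    $clean = [];
    foreach ($ids as $id) {
        if (!is_scalar($id) || !ctype_digit((string) $id)) {
            throw new InvalidArgumentException('checkbox[] contains a non-numeric id');
        }
        $clean[] = (int) $id;
    }
    if ($clean === []) {
        return 0;
    }
    $in   = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $db->prepare("DELETE FROM invoices WHERE user_id = ? AND id IN ($in)");
    // Ownership comes from the server-side session id, not from a username
    // field posted by the client.
    $stmt->execute(array_merge([$userId], $clean));
    return $stmt->rowCount();
}

function handleDeleteRequest(PDO $db, int $sessionUserId, array $post): int
{
    // The Delete button is detected through $_POST; without register_globals
    // no $delete variable is ever created for it.
    if (!isset($post['delete'])) {
        return 0;
    }
    $ids = $post['checkbox'] ?? [];
    return deleteOwnedInvoices($db, $sessionUserId, is_array($ids) ? $ids : []);
}

// ---- constructed demo data so the example runs offline (needs pdo_sqlite) ----
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE invoices (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    invoicenumber TEXT NOT NULL,
    invoiceamount REAL NOT NULL
)');
$seed = $db->prepare('INSERT INTO invoices (user_id, invoicenumber, invoiceamount) VALUES (?, ?, ?)');
foreach ([[7, 'INV-1001', 49.00], [7, 'INV-1002', 12.50], [8, 'INV-2001', 99.00]] as $row) {
    $seed->execute($row);
}

// User 7 ticks one of their own invoices (id 2) and, by editing the form,
// user 8's invoice (id 3). Only the owned row goes away.
$deleted = handleDeleteRequest($db, 7, ['delete' => 'Delete', 'checkbox' => ['2', '3']]);
printf("deleted %d row(s); user 7 has %d left, user 8 has %d left\n",
    $deleted, count(listInvoices($db, 7)), count(listInvoices($db, 8)));

// An injection attempt in checkbox[] is rejected before any SQL is built.
try {
    handleDeleteRequest($db, 7, ['delete' => 'Delete', 'checkbox' => ['2 OR 1=1']]);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Two design choices worth noting. The number of placeholders is computed from the submitted array on every request, so the statement is prepared per request and the ids never become part of the SQL string; that is what closes the injection hole the reply points to in the `:$del_id` construction. And the ownership filter uses the session user id rather than `$_POST['username']`, because a client can post any username it likes; the session value is the only identity the server actually established.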
#4
    Contributing User (Devshed Newbie, 0 - 499 posts)
    Join Date: Jul 2006 | Posts: 68 | Rep Power: 9
    OK, thanks a lot. Got it working and took out the try-catch.
#5
    Contributing User (Devshed Loyal, 3000 - 3499 posts)
    Join Date: Dec 2004 | Posts: 3,031 | Rep Power: 377
    Originally Posted by YCPC55:
    OK, thanks a lot. Got it working and took out the try-catch.
    I hope you followed his instructions! What I would hate is to write all that text to help someone and then have them just ignore it.
