PDO n00b

I learned PHP and MYSQL before PDO and MySQLi were the standard for querying mysql. I have never used PDO but am trying to learn. I got a connection, can select a few records, but I'm having trouble selecting this row for some reason. Maybe somebody knows why?

I'm getting error:

Fatal error: Call to a member function setFetchMode() on a non-object in /home/user/domains/example.com/public_html/index.php on line 154

Here is my code:



The last code statement in that line, is line 154. It's odd though because right above this query I used the same syntax to query a seperate table and opened a while PDO fetch_assoc loop and that seems to work.

Can anybody tell me what is going on?

without consulting my own code, or the docs, (its late) I would guess that the setFetchMode method is actually part of the $dbh object; not the $sthComments object;

However, I've never used it.

I just do

The error says that $sthComments is not an object. Either northie's solution is correct or your ->query() function returns FALSE on error.

Hi,

the error message says it all: $sthComments isn't an object. It's "false" because there was an error in your query.

The code generally has some issues:

Don't insert variables into query strings (it hope it's at least escaped??). PDO has prepared statements, which are the very reason to use PDO. Otherwise you might as well stick to the old mysql_ functions.

Don't prepend the table name to the columns when you only have one table. It's just useless and only clutters your query.

I wasn't worried about the variable because it's simply a variable defined by another database query, not user input. Should I still escape the var? I thought that was the point of PDO, it had it's own magic quotes, escape, etc.. prevention built in?

I don't think my query is wrong because I've tried it with just SELECT * FROM tablename and it throws the same error.

That's the point of PDO, yes...assuming you actually bind the variables and don't just build a big string bare like you're doing. Bind them properly and you get the benefits.

If you're using the results of one query in another query, you need to use a JOIN.

Alright great, thanks for all of your insight. I realized I had to start cleaning things up sooner or later, I got it working by combining the query and finally gave up EquiJoin for Inner Join, and got rid of any variables in the query.

This seemed to work:

Quick question. If I have more than one query on a page, should I just use the same ( $sth ) for every query. i.e. $sth = $dbh->query and after that query's results are used in my code, redefine $sth = null; and then I can reuse $sth for the next query?

Use descriptive variable names, which actually tell you the content (like $news_stmt, $member_stmt etc.). Generic or cryptic names massively reduce readability and can easily lead to mistakes. So choose sensible variable names.

This wouldn't prevent the variable from having apostrophes in it unless you guarantee when you initially insert the value that it doesn't have them in it.

Unless you have a particular reason for using different fetch modes for different queries, I recommend just setting the default fetch mode when you initialize your connection and then not messing around with it for every statement.

What you also might wanna do is set the PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION in order to get rid of this stupid mixture of exceptions, return values and errors.

You can do this in the fourth argument of the constructor:


This will throw an exception for every problem.

I did some more reading on PDO. I havn't had time to fully study and understand it yet but I made sure the connection PDO construct in the 4th parameter had an array that included a emulate_prepares = false attribute and error mode attribute set to exception mode and made sure to try and catch all errors or exceptions.

E-oreo - The variable was just another value I inputted into the database that I was referencing from a previous query. So I know it was safe. Even so, I realized I cannot do things sloppily so I went ahead and did things the right way.

I think its my first inner join I used outside of class, I'm use to equijoins that I learned 10 years ago.

I still have tons more to read up on, concerning PDO, OOP, and some other things.

Apart from this concrete case, which you solved:

Do not distinguish between "safe" and "unsafe" values. Believe me, this doesn't work.

The value may be safe for this particular moment, but that could change anytime in the future ("Let me add this feature real quick ..."). And chances are you'll forget to add the escaping then. Switching between escaped and raw values generally is very error-prone. You can easily make mistakes and let an unsafe value slip through, which can completely compromise the security.

You can avoid all this trouble by simply escaping every value, no matter how trivial and safe it is. Or even better: Use intelligent functionalities, which do the escaping for you. For example, many template engines have a default escaping method, so you don't need to call htmlentities() manually for every value.