开发者

PDO Queries Not Working

I have looked at the same code for hours trying to figure out why my queries are not working. The two I have listed below are the two that are not working.

$getRequestIdQuery = "SELECT request_id
    FROM request_table
    WHERE request_key = '$requestKey'
    AND sort_order = $so";

$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute();
foreach($getRequestId as $idRow)
{
    $requestId = $idRow['request_id'];
}

// This will update the ready status of the request id returned above
$updateReadyStatusQuery = "UPDATE request_table
    SET request_ready = 1
    WHERE request_id = $requestId";
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
$updateReadyStatus->execute();

The above runs whenever a file copy returns true. I am already sure this is running as there are omitted error logs from the above that show up during every test run. I am also certain the query in question works as I have successfully run the query (as it shows up in the error log) in phpmyadmin. The following is a snippet of code only a few lines above this that runs correctly:

$checkForComposedQuery = "SELECT *
    FROM composed_files
    WHERE file_source_id = '$fsi'
    AND file_number = '$fn'";

$checkForComposed = $pdo->prepare($checkForComposedQuery);
$checkForComposed->execute();

Any hints as to what might be causing this to not work? Both of the above snippets occur within a foreach loop if that helps.

Much thanks in advance.

UPDATE:

The following incorporates code that includes suggestions added by Charles below:

$gotCopied = copy($sourceHymnFile, $destHymnFile);

if ($gotCopied == true) {
    error_log("The file has been successfully copied.");

    $idRow;
    $getRequestIdQuery = "SELECT request_id
        FROM request_table
        WHERE request_key = ?
        AND sort_order = ?";
    $getRequestId = $pdo->prepare($getRequestIdQuery);
    $getRe开发者_JAVA技巧questId->execute(array($requestKey, $so));
    error_log("this is the value of request key : ".$requestKey);
    // Displays correct $requestKey value
    error_log("This is the value of sort order : ".$so);
    // Displays correct $so value
    $idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
    $requestId = $idRow['request_id'];
    error_log("This is the value of the request id : ".$requestId);
    // No output in error log for $requestId above

    // This will update the ready status of the request id returned above
    $updateReadyStatusQuery = "UPDATE request_table
        SET ready = 1
        WHERE request_id = ?";
    error_log("This updates the status of the song request if the song is played : ".$updateReadyStatusQuery);
    $updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
    $updateReadyStatus->execute(array($requestId));
}

The following correctly runs correctly for constants as entered:

    if ($gotCopied == true) {
    error_log("The file has been successfully copied.");

    $idRow;
    $getRequestIdQuery = "SELECT request_id
        FROM request_table
        WHERE request_key = ?
        AND sort_order = ?";
    $getRequestId = $pdo->prepare($getRequestIdQuery);
    $getRequestId->execute(array(5, 2));
    error_log("this is the value of request key : ".$requestKey);
    error_log("This is the value of sort order : ".$so);
    $idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
    $requestId = $idRow['request_id'];
    error_log("This is the value of the request id : ".$requestId);
    // No output in error log for $requestId above

    // This will update the ready status of the request id returned above
    $updateReadyStatusQuery = "UPDATE request_table
        SET ready = 1
        WHERE request_id = ?";
    error_log("This updates the status of the song request if the song is played : ".$updateReadyStatusQuery);
    $updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
    // This execute works correctly if a value is set for $requestId
    $updateReadyStatus->execute(array($requestId));
}


You have two problems here.

First, placeholders and binding. Your code here is vulnerable to SQL injection. PDO contains a tool to help mitigate this threat.

$getRequestIdQuery = "SELECT request_id
    FROM request_table
    WHERE request_key = ? -- new!
    AND sort_order = ?";

$getRequestId = $pdo->prepare($getRequestIdQuery);
$getRequestId->execute(array($requestKey, $so));

The ?s in the query are placeholders. The array passed to execute provides a list of replacements for any placeholders. They are automatically escaped and quoted as necessary.

Second, you're retrieving results incorrectly. You need to call the fetch method (or fetchAll method) on the statement handle. For example:

$idRow = $getRequestId->fetch(PDO::FETCH_ASSOC);
$requestId = $idRow['request_id'];

Note that there's no loop here. Your previous loop would have expected multiple results, but it overwrote the same variable in each loop. It looks like you're expecting only one result, so you only need to worry about one result.

We should also update your other query to use placeholders.

$updateReadyStatusQuery = "UPDATE request_table
    SET request_ready = 1
    WHERE request_id = ?";
$updateReadyStatus = $pdo->prepare($updateReadyStatusQuery);
$updateReadyStatus->execute(array($requestId));

... and your third ...

$checkForComposedQuery = "SELECT *
    FROM composed_files
    WHERE file_source_id = ?
    AND file_number = ?";

$checkForComposed = $pdo->prepare($checkForComposedQuery);
$checkForComposed->execute(array($fsi, $fn));
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜