How to use pdo using require once & how to prevent sql injec

ushtabalakh
Forum Newbie
Posts: 4
Joined: Fri Oct 24, 2008 2:59 am

Post by ushtabalakh »

Hi there, I have two pages:

page1.php

Code:

// A PDO MySQL DSN takes host= and dbname= keys separated by semicolons
$dsn = "mysql:host=" . $dbServerAddress . ";dbname=" . $dbName;
$db = new PDO($dsn, $dbUsername, $dbPassword);

page2.php

Code:

require_once "../page1.php";

$articleexists = 0;
$sql = sprintf("SELECT body, title, intro, keywords, authorname, editeddate FROM articles where id=%d;", $articlenumber);
foreach ($db->query($sql) as $row) {
    $articleexists = 1;
    $maincontent = $row['body']; //returnArticle($articlenumber);
    $pagetitle = $row['title'];
    $pagedescription = $row['intro'];
    $keywords = $row['keywords'];
    $author = $row['authorname'];
    $lastrevisiondate = $row['editeddate'];
}
if ($articleexists == 0)
    echo "not found!";

I receive this error when I run page2.php:
Call to a member function query() on a non-object in
I wanna know how I can use a variable in page2.php that I have defined in page1.php.

I also need to know how to make this query immune to SQL injection.

Any help would be appreciated.
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: How to use pdo using require once & how to prevent sql injec

Post by novice4eva »

I tried something similar and it worked!! Try the global keyword, maybe it will work.

Code:

require_once "../page1.php";
global $db; // ADD THIS LINE
$articleexists = 0;
$sql = sprintf("SELECT body, title, intro, keywords, authorname, editeddate FROM articles where id=%d;", $articlenumber);
..........

novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: How to use pdo using require once & how to prevent sql injec

Post by novice4eva »

Explore the PDO::prepare functions for prevention of SQL injection.
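
What the PDO::prepare suggestion above looks like in practice, as an added example that is not part of any post in this thread. It assumes an in-memory SQLite database so it runs without a MySQL server; the helper names and the sample rows are hypothetical.

```php
<?php
// Added example, not code from the thread. It assumes the pdo_sqlite extension
// and an in-memory SQLite database; for MySQL only the DSN and credentials
// passed to new PDO() differ. With pdo_mysql, also consider setting
// PDO::ATTR_EMULATE_PREPARES to false so the server does the preparing.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw on SQL errors

// Constructed sample rows; column names follow the question's query.
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT, authorname TEXT)');
$db->exec("INSERT INTO articles (id, title, body, authorname) VALUES
           (1, 'First', 'Body one', 'alice'), (2, 'Second', 'Body two', 'bob')");

// Hypothetical helper. The connection is passed in as an argument, so it works
// inside functions without relying on `global $db`.
function findArticleById(PDO $db, $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The SQL text is fixed; the value travels separately as a bound parameter.
    $stmt = $db->prepare('SELECT body, title, authorname FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper for a string parameter, where type validation alone is not enough.
function findTitlesByAuthor(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT title FROM articles WHERE authorname = :author ORDER BY id');
    $stmt->execute([':author' => $author]); // bound as data, quotes included
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a valid id, two malformed ids, a normal name, and a name
// containing SQL metacharacters that is compared as a literal string.
foreach (['2', '2; --', 0] as $input) {
    $row = findArticleById($db, $input);
    echo var_export($input, true), ' => ', $row === null ? 'not found' : $row['title'], PHP_EOL;
}
foreach (['alice', "alice' OR '1'='1"] as $name) {
    echo var_export($name, true), ' => ', count(findTitlesByAuthor($db, $name)), ' row(s)', PHP_EOL;
}
```
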
ushtabalakh
Forum Newbie
Posts: 4
Joined: Fri Oct 24, 2008 2:59 am

Re: How to use pdo using require once & how to prevent sql injec

Post by ushtabalakh »

novice4eva wrote: I tried something similar and it worked!! Try the global keyword, maybe it will work.

Code:

require_once "../page1.php";
global $db; // ADD THIS LINE
$articleexists = 0;
$sql = sprintf("SELECT body, title, intro, keywords, authorname, editeddate FROM articles where id=%d;", $articlenumber);
..........

Thanks, I tried it, it didn't work :(
It must suck to use global on every variable I have defined in page1.php;
that almost defies the whole purpose of including stuff.
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: How to use pdo using require once & how to prevent sql injec

Post by novice4eva »

Where are page1.php and page2.php located, are they in the same folder?? I was thinking maybe this was the case and the only error we had was in this piece of code:

Code:

require_once "../page1.php";
// MAYBE IT SHOULD BE require_once "page1.php";

I tried your code on my comp (WAMP) and I didn't even have to put the GLOBAL keyword on.