
How to use pdo using require once & how to prevent sql injec

Posted: Fri Oct 24, 2008 3:05 am
by ushtabalakh
Hi there, I have two pages.

page1.php

Code:

// A MySQL DSN takes host and dbname as separate key=value pairs
$dsn = "mysql:host=" . $dbServerAddress . ";dbname=" . $dbName;
$db = new PDO($dsn, $dbUsername, $dbPassword);

page2.php

Code:

require_once "../page1.php";

$articleexists = 0;
$sql = sprintf("SELECT body, title, intro,keywords,authorname,editeddate FROM articles where id=%d;", $articlenumber);
foreach ($db->query($sql) as $row) {
    $articleexists = 1;
    $maincontent = $row['body']; //returnArticle($articlenumber);
    $pagetitle = $row['title'];
    $pagedescription = $row['intro'];
    $keywords = $row['keywords'];
    $author = $row['authorname'];
    $lastrevisiondate = $row['editeddate'];
}
if ($articleexists == 0)
    echo "not found!";

I receive this error when I run page2.php:
Call to a member function query() on a non-object in
I wanna know how I can use a variable in page2.php that I have defined in page1.php.

I also need to know how to make this query immune to SQL injection.

Any help would be appreciated.

Re: How to use pdo using require once & how to prevent sql injec

Posted: Fri Oct 24, 2008 4:05 am
by novice4eva
I tried something similar and it worked!! Try the global keyword, maybe it will work.

Code:

require_once "../page1.php";
global $db;//ADD THIS LINE
$articleexists = 0;
$sql = sprintf("SELECT body, title, intro,keywords,authorname,editeddate FROM articles where id=%d;",$articlenumber);
..........

Re: How to use pdo using require once & how to prevent sql injec

Posted: Fri Oct 24, 2008 4:37 am
by novice4eva
Explore the PDO::prepare functions for prevention of SQL injection.
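
The PDO::prepare suggestion above, applied to the article query from the first post, as an added example that was not posted by anyone in this thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite table with constructed data in place of the poster's MySQL database; getDb() and findArticle() are hypothetical names.

```php
<?php
// Added example, not code from the thread. getDb() and findArticle() are
// hypothetical helpers; SQLite in memory stands in for the MySQL server.
function getDb(): PDO
{
    static $db = null;   // one shared connection, reachable from any scope
    if ($db === null) {
        $db = new PDO('sqlite::memory:');
        // Throw exceptions instead of failing silently on SQL errors.
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Constructed sample table and row.
        $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT,
                   title TEXT, intro TEXT, keywords TEXT, authorname TEXT,
                   editeddate TEXT)');
        $db->exec("INSERT INTO articles VALUES (1, 'Body text', 'First article',
                   'Intro', 'pdo,php', 'sample author', '2008-10-24')");
    }
    return $db;
}

function findArticle(PDO $db, $articlenumber): ?array
{
    // sprintf('%d', '1abc') would silently query id 1; reject such input instead.
    $id = filter_var($articlenumber, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The SQL text is fixed; the value travels separately as a typed parameter.
    $stmt = $db->prepare(
        'SELECT body, title, intro, keywords, authorname, editeddate
           FROM articles WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: an existing id, a missing id, and a non-integer string.
foreach ([1, 2, '1abc'] as $input) {
    $row = findArticle(getDb(), $input);
    echo var_export($input, true), ' => ',
         $row ? $row['title'] : 'not found!', PHP_EOL;
}
```

Fetching the connection through a function also sidesteps the variable-scope question raised in the first post, since no global variable is involved.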

Re: How to use pdo using require once & how to prevent sql injec

Posted: Fri Oct 24, 2008 1:27 pm
by ushtabalakh
novice4eva wrote: I tried something similar and it worked!! Try the global keyword, maybe it will work.

Code:

require_once "../page1.php";
global $db;//ADD THIS LINE
$articleexists = 0;
$sql = sprintf("SELECT body, title, intro,keywords,authorname,editeddate FROM articles where id=%d;",$articlenumber);
..........

Thanks, I tried it, it didn't work :(
It must suck to use global on every variable I have defined in page1.php.
That almost defies the whole purpose of including stuff.

Re: How to use pdo using require once & how to prevent sql injec

Posted: Tue Nov 04, 2008 11:21 pm
by novice4eva
Where are page1.php and page2.php located, are they in the same folder?? I was thinking maybe this was the case and the only error we had was in this piece of code:

Code:

require_once "../page1.php";
//MAYBE IT SHOULD BE require_once "page1.php";

I tried your code on my comp (WAMP) and I didn't even have to put the GLOBAL keyword on.