Hi, I’m new here and I’m trying to complete this script. It’s something “simple”… newsletter subscribing.
So I have a database and I was using mysql with PHP and I was having an injection problem, then I read that mysql is obsolete, so I tried a PDO connection.
I want to know if this script is correct, if I have some newbie errors or if I can rock on with this one.
<?php
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

try {
    //connect as appropriate as above
    $db->query('hi'); //invalid query!
} catch(PDOException $ex) {
    echo "An Error occured!"; //user friendly message
    some_logging_function($ex->getMessage());
}

if (isset($_POST['nome']) && isset($_POST['email'])) {
    if (mysql_query("INSERT INTO email_list (nome, email) VALUES ('".$_POST['nome']."', '".$_POST['email']."')")) {
        echo "O seu email foi adicionado! Obrigada. Your email has been added to our list! Thank You.";
    } else {
        echo "Houve um erro ao adicionar o seu email. Por favor tente novamente. There was an error adding your email to our list. Please try again.";
    }
} else {
    echo "Input all required field";
}
?>
First of all, does your code work at all? Second, why not use the prepared statements that PDO provides? I think even PDO filters data, I like to sanitize them before I process 'em.
You want to use this to query: $db->query('select foo from bar')->fetchAll(); But that's only the beginning of what you need to start understanding. Start reading some of the different objects here: http://www.php.net/manual/en/book.pdo.php
…and the rest I need to work better.
I read a lot of things, and the connection + the error part is fine, I guess; I just took the steps they spoke about.
What do you think?
And I received this error: “ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘hi’ at line 1”
Hey, I’ve tried that code but I have the same error.
ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘hi’ at line 1
Fatal error: Call to a member function query() on a non-object in /home/xxx/xxx/xxx on line 14
I can’t find the answer anywhere. I googled a lot for this subject but I can’t find an answer.
I just want my clients to be able to subscribe to my newsletter: they put in their name and email, then they submit, and after that I can see their information in mysql.
Have a look through your php.ini file for the above line; if there is a ; at the start of the line, remove the ; from the start of the line, save, and then restart the server.
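The prepared-statement approach suggested in the replies, shown as an added example that is not code from any poster in this thread: the insert into email_list goes through PDO placeholders instead of string concatenation with mysql_query. The helper name subscribe(), the in-memory SQLite database used so the demo runs without a server, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; subscribe() is a hypothetical helper, not code from the thread.
// Table and column names (email_list, nome, email) are those of the original script.
function subscribe(PDO $db, string $nome, string $email): bool
{
    $nome  = trim($nome);
    $email = trim($email);

    // Validation rejects junk input; it is not what stops SQL injection.
    if ($nome === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Placeholders keep user input out of the SQL text. With
    // ATTR_EMULATE_PREPARES off, as in the original script, MySQL receives
    // the statement and the values separately.
    $stmt = $db->prepare('INSERT INTO email_list (nome, email) VALUES (:nome, :email)');
    return $stmt->execute([':nome' => $nome, ':email' => $email]);
}

// Demo database: in-memory SQLite (assumption: pdo_sqlite is enabled).
// For MySQL, use the DSN and attributes from the original script instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE email_list (nome TEXT NOT NULL, email TEXT NOT NULL)');

// Constructed sample inputs: a quote in the name breaks the concatenated query.
$samples = [
    ["Ana O'Neil", 'ana@example.com'],
    ["x', 'y'); --", 'quote@example.com'],
    ['No Email', 'not-an-address'],
];

try {
    foreach ($samples as [$nome, $email]) {
        echo subscribe($db, $nome, $email) ? "added: $email\n" : "rejected: $email\n";
    }
    // Names containing quotes are stored verbatim as data, not parsed as SQL.
    echo $db->query('SELECT COUNT(*) FROM email_list')->fetchColumn(), " rows stored\n";
} catch (PDOException $ex) {
    error_log($ex->getMessage());   // details go to the server log
    echo "An error occurred.\n";    // generic message for the visitor
}
```

In the real form handler the two arguments would be $_POST['nome'] and $_POST['email'], passed only after the isset() checks from the original script.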