Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PDO whoopping me up! Please tell me what is wrong w/ snippet!

Status
Not open for further replies.

southbeach

Programmer
Jan 22, 2008
879
US
So, after much reading and suggestions, I am trying to make a move from "procedural" style coding to OOP and instead of using mysqli I am giving PDO a shot.

Thing is, after hours of looking at my code, reading and comparing .... I cannot see what is wrong with it nor why I get no error and yet, I get no data

Here is the code
Code:
    function OpenDB($db='') {
        $host=DBHOST;
        $charset = 'utf8';
        if($db == '') { $db = DBNAME; }

        $dsn = "mysql:host=$host;dbname=$db;charset=$charset";
        $opt = [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false,
        ];

        try {
            $dbh = new PDO($dsn, DBUSER, DBPWD, $opt);
        }   catch (PDOException $e) {
            return("Error!: Problem connecting to database");
            die();
        }
        return($dbh);
    }

// Loop through $_POST and transfer fields::values to a sanitized array!
$cleanData = array();
foreach($_POST AS $key => $val) {
    $cleanData[$key] = filter_input(INPUT_POST, $key);
}

if(!isset($cleanData['usrCode'])) { die('XOUT'); }              // Access Code must be set!
if(!isset($cleanData['usrPWD']))  { die('XOUT'); }              // Password must be set!

if($cleanData['usrCode'] == '') { die('XOUT'); }                // Access Code cannot be blank!
if($cleanData['usrPWD']  == '') { die('XOUT'); }                // Password cannot be blank!

$dbh=OpenDB(''); 
$fx='userProfileTale';

$handle = $dbh->prepare("SELECT * FROM {$fx} WHERE username = :usrCode AND password = :usrPWD AND isactive > :notactive LIMIT 1;");

/*** bind the paramaters ***/
$notactive=0;
$handle->bindParam(':usrCode',  $cleanData['usrCode'], PDO::PARAM_STR);
$handle->bindParam(':usrPWD',   $cleanData['usrPWD'],  PDO::PARAM_STR);
$handle->bindParam(':notactive',$notactive,  PDO::PARAM_INT);

/*** execute the prepared statement ***/
try 
{ 
    $handle->execute(); 
} 
catch(Exception $e) 
{ 
    die('ERROR! - '.$e); 
}
$row=$handle->fetch(PDO::FETCH_ASSOC);

var_dump($row);

I am starting to hate this - how can I possibly struggle so much with such a simple task!?!

Your help will be appreciated.




--
SouthBeach
The good thing about not knowing is the opportunity to learn - Yours truly, 2008.
 
Every time I post a question here - I continue searching, digging and testing. Often, I find a solution and, when that is the case, I come back to my post and reveal the answer.

So, here is what I did and solved my problem - Changed
Code:
// Loop through $_POST and transfer fields::values to a sanitized array!
$cleanData = array();
foreach($_POST AS $key => $val) {
    $cleanData[$key] = filter_input(INPUT_POST, $key);
}

to
Code:
$definition = array(
   'usrCode' => array(
      'filter' => FILTER_SANITIZE_STRING,
      'flags'  => FILTER_NULL_ON_FAILURE
   ),
   'usrPWD' => FILTER_UNSAFE_RAW
);
$cleanData = filter_input_array(INPUT_POST, $definition);

I am getting the row as I expected - I am still not sure if I am using "best practice" but I shall continue to learn ...

Thanks for reading!



--
SouthBeach
The good thing about not knowing is the opportunity to learn - Yours truly, 2008.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top