something wrong with my prepared statement SQL query with PHP

Question

I get the errors:

Notice: Undefined variable: db in C:\xampp\htdocs\sqltest.php on line 18

Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\sqltest.php on line 18

I used the code from this How can I prevent SQL injection in PHP?

I'm entirely new to PDO and that sort of thing, and on my apache server it's using php 5.3.

I'm just testing this out, I know I didn't use good coding practice.

my code:

     $con = mysql_connect("localhost","root","") or die('error');
    mysql_select_db("safe",$con);


    if(isset($_POST['lastinput'])){
    $prepared = $db->prepare('SELECT * FROM data WHERE last = :last');
    $prepared->execute(array(':last' => $_POST['lastinput']));

    $rows = $prepared->fetchAll();
    echo $rows['first'];
    }
    mysql_close($con);

Almost everything about that is wrong. Search Google for more tutorials — Paul Dessert, May 09 '12 at 00:13

score 4 · Answer 1 · answered May 09 '12 at 00:14

4

The example using $db->... is using an established PDO connection. You are not establishing a PDO connection and are therefore also never creating the variable $db. Please start with the manual: http://php.net/manual/en/pdo.connections.php

answered May 09 '12 at 00:14

deceze

510,633
85
743
889

And just to make that clear, once you use PDO, you do not need the `mysql_` functions anymore. – deceze May 09 '12 at 00:16

something wrong with my prepared statement SQL query with PHP

1 Answers1