
I have a project where I am creating a plugin for WordPress which will allow users to add, delete, or update values in a MariaDB database.

My syntax is as follows...

```php
try {
    $db = new PDO('mysql:host=HOST.mysql;dbname=DBNAME;charset=utf8', 'USERNAME', 'PASSWORD');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
}
catch (PDOException $e)
{
    echo $e->getMessage();
}
```

This will initialize contact with the database. If the admin clicks on the "edit" button then this code will be summoned.

```php
$updatequery = "UPDATE property SET Seller = '$Seller',
Agent = '$Agent',
Country = '$Country',
City = '$City',
Status = '$Status',
Rentprice = '$Rentprice',
Sellprice = '$Sellprice',
Kitchen = '$Kitchen',
Bedrooms = '$Bedrooms',
Bathrooms = '$Bathrooms',
Rooms = '$Rooms',
Post = '$Post',
Description = '$Description',
Beskrivning = '$Beskrivning',
Caption = '$Caption',
IMG = '$IMG' WHERE ID ='$ID';";

$STH = $db->query($updatequery);

echo "<script>alert('The property has been updated, have a nice day !')</script>";
```

When I click on the edit button, the alert message is displayed, which means the code was summoned. But the values have not been changed. Yet in spite of this there is no error message, as there was earlier when I had syntax errors that I corrected.

Does the fact that the database runs on MariaDB instead of MySQL have any impact on what kind of syntax will be accepted? Or am I missing something?

The MariaDB version is 5.5.39-MariaDB.

Dharman
Orvil Nordström
  • OMG, try/catch block, exception handling and `setAttribute(PDO::ATTR_ERRMODE)` all in one? PHP tag will soon be obsolete. – Mihai Sep 22 '14 at 19:46
  • Have you verified prior to declaring the `$updatequery` all the values are actually available in the current scope? – Ray Sep 22 '14 at 19:50
  • You should avoid putting the variables directly in the query. You're using PDO, use prepared statements. – Ray Sep 22 '14 at 19:51
  • Yes, all the variables used are defined. Btw, I am not sure exactly what you mean, Mihai. I am in the learning phase when it comes to MariaDB as I am more used to MySQL. Exactly what is your point? – Orvil Nordström Sep 22 '14 at 19:53
  • You aren't actually checking for errors when you call `$db->query()`. You need to check `$db->errorInfo()` there because you don't have PDO throwing exceptions. Alternatively (and I would say preferably) use `ERRMODE_EXCEPTION` instead of `ERRMODE_WARNING` so PDO always throws exceptions which will halt fatally. – Michael Berkowski Sep 22 '14 at 19:56
  • Well Ray, I was using prepared statements earlier, but since it wasn't working and only administrators (who can go directly in the database if they want to) have access to this program, I decided that I would skip using prepared statements to see if I could get it to work. – Orvil Nordström Sep 22 '14 at 19:56
  • A single quote (apostrophe) in any of those variables (which is quite likely for descriptions, captions, etc) will break the UPDATE statement, and that may well be what happened. Much preferred to use [`prepare()/execute()`](http://php.net/manual/en/pdo.prepare.php) (which PDO makes easier than competing APIs) – Michael Berkowski Sep 22 '14 at 19:57
  • @OrvilNordström Just sarcasm about the fact that most questions I see with the php tag never check for errors or exceptions, nothing to get upset about. – Mihai Sep 22 '14 at 20:48
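
The two suggestions made in the comments (`ERRMODE_EXCEPTION` and `prepare()`/`execute()`), combined in an added example that is not part of the original thread. Assumptions: an in-memory SQLite database stands in for the MariaDB DSN so the script runs offline, the table holds only a constructed subset of the question's columns, and `updateProperty()` is a hypothetical helper name.

```php
<?php
// Added example. SQLite in memory stands in for the question's MariaDB DSN (assumption);
// against MariaDB only the DSN and credentials change, e.g.
// new PDO('mysql:host=HOST.mysql;dbname=DBNAME;charset=utf8', 'USERNAME', 'PASSWORD', $options)
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]; // failed statements throw PDOException
$db = new PDO('sqlite::memory:', null, null, $options);

// Constructed sample data: a subset of the columns from the question.
$db->exec('CREATE TABLE property (ID INTEGER PRIMARY KEY, Seller TEXT, City TEXT, Description TEXT)');
$db->exec("INSERT INTO property (ID, Seller, City, Description) VALUES (1, 'Old seller', 'Lund', 'Old text')");

// Hypothetical helper: builds the UPDATE from an allow-list of columns and binds every value.
function updateProperty(PDO $db, int $id, array $fields): int
{
    $allowed = ['Seller', 'City', 'Description']; // column names never come from user input
    if ($fields === []) {
        throw new InvalidArgumentException('No fields to update');
    }
    $set = [];
    $params = [':ID' => $id];
    foreach ($fields as $col => $value) {
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("Unknown column: $col");
        }
        $set[] = "$col = :$col";       // placeholder only; the value is sent separately
        $params[":$col"] = $value;
    }
    $stmt = $db->prepare('UPDATE property SET ' . implode(', ', $set) . ' WHERE ID = :ID');
    $stmt->execute($params);
    return $stmt->rowCount();          // number of rows the UPDATE affected
}

try {
    // Values containing apostrophes, which break the string-built query from the question.
    $n = updateProperty($db, 1, ['Seller' => "O'Brien", 'Description' => "Owner's flat, 3 rooms"]);
    echo "rows updated: $n\n";
    // An ID that does not exist: no exception, but rowCount() reveals that nothing changed.
    $n = updateProperty($db, 999, ['City' => 'Malmö']);
    echo "rows updated for missing ID: $n\n";
} catch (PDOException $e) {
    error_log($e->getMessage());       // log the detail, show the user a generic message
    echo "update failed\n";
}
```

With the MySQL driver, `rowCount()` reports rows actually changed, so an update that writes identical values returns 0 unless the connection is opened with `PDO::MYSQL_ATTR_FOUND_ROWS`.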

0 Answers