-1

Could someone point out what is wrong with this code, or at least explain how to get any error messages out of this? I don't know how to trouble shoot farther then this.

  try {
  $db = new PDO($dbhost, $dbuser, $dbpassword);
  $sql = "INSERT INTO reports (Type, Location, Urgency, Description, Suggestion, Confidential, Email, Date, Time, Status, Link, ID, Title, Dopen) VALUES ('$type','$location','$urgency','$description','$solution','$confidential','$name','$date', '$time','Open','$link','$id', '$title','$date2')";
  $sth = $db->query($sql);}

  catch(PDOException $e) {echo $e->getMessage();}
user3384224
  • 25
  • 2
  • 1
    It looks like you just replaced `mysql` functions with `pdo` it doesn't work this way, here is a tutorial http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers – cmorrissey Feb 12 '15 at 19:12
  • You need to add `$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );` after your connection. Without that set, PDO will not throw exceptions for the try/catch to catch. – Jonathan Kuhn Feb 12 '15 at 19:18
  • **Building SQL statements with outside variables makes your code vulnerable to SQL injection attacks.** Also, any input data with single quotes in it, like "O'Malley", will blow up your query. Learn about parametrized queries, preferably with the PDO module, to protect your web app. [This question](http://stackoverflow.com/questions/60174) has many detailed examples. See also http://bobby-tables.com/php for alternatives & explanation of the danger. – Andy Lester Feb 12 '15 at 20:30

3 Answers3

0

The first variable in the PDO constructor is not only a host name.

Here's an example straight from the docs page:

$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);

But looking at your variable names, I suspect your $dbhost contains only something like "localhost"

rjdown
  • 9,162
  • 3
  • 32
  • 45
  • I forgot I had originally hard coded the localhost bit in after changing it forever ago. Thanks for the help anyway, just needed to see the right format again. – user3384224 Feb 12 '15 at 19:57
0

Add a second line:

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Jeroen Flamman
  • 965
  • 6
  • 10
0

I would do this.

 try {
  $db = new PDO($dbhost, $dbuser, $dbpassword);
  $stmt = $dbh->prepare("INSERT INTO reports (Type, Location, Urgency, Description, Suggestion, Confidential, Email, Date, Time, Status, Link, ID, Title, Dopen) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
  $stmt->execute(array($type,$location,$urgency,$description,$solution,$confidential,$name,$date, $time,'Open',$link,$id, $title,$date2));
  }

  catch(PDOException $e) {echo $e->getMessage();}

And if that doesn't work, tell us what the error message is.

Use prepared statements with PDO, it's one of the greatest reasons to use PDO. Just sticking variables into your SQL is prone to produce errors, sql injections, etc.

To make my answer more complete, do as others have suggested.

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

And as has also been noted the $dbhost should be the DSN.

It sounds like you really need to read the documentation for PDO. It's really a simple abstraction layer to use correctly once you read the documentation. http://php.net/pdo

Halfstop
  • 1,710
  • 17
  • 34
  • I made the changes you said and now get an error saying " invalid data source name2015-02-12". Is it just a problem with my putting the date in a format with hyphens? – user3384224 Feb 12 '15 at 19:36
  • What column type is Date in your table? – Halfstop Feb 12 '15 at 19:37
  • it is a standard column just like all the other ones. I think that error is actually not from the PDO statement though, I think it's from the function I'm using to convert my dates to a different format. – user3384224 Feb 12 '15 at 19:41
  • Probably, I've never seen an error like that before. Happy debugging. – Halfstop Feb 12 '15 at 19:42