0

What I have

// Make an attempt to connect to the database
    try {
        // Make our connection
        $DataBaseHandle = new PDO($Host,$Username,$Password,$Table);

            $DataBaseHandle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES, false); 
                echo 'Connected!<br/>';

    // This will give us a output as an average 
    $SQLQuery = "SELECT 
                CONCAT('$',TRUNCATE(AVG(`payper`),2)) AS `Average Pay`
                FROM `rep_commission`
                ";

foreach ($DataBaseHandle->query($SQLQuery) as $row)
    {
    echo $row["Average Pay"];
    }

    $DataBaseHandle = null;
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    die();
    }

What I am trying to do

I am rewriting a bunch of my MYSQL_ files as we all know they're deprecated. I am also trying to prevent injection possibilities for grins. Scripts will be behind a employee dashboard, but want to take extra measures in case we have a smart employee with malicious intent.

Read here Are PDO prepared statements sufficient to prevent SQL injection?

$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); does the trick???

I am also learning :D

I am curious where I am going wrong, as I am getting a

E_WARNING : type 2 --
PDO::__construct() expects parameter 4 to be array, string given 
-- at line 11

And

E_ERROR : type 1 --
Call to a member function setAttribute() on a non-object
 -- at line 12

Where did I go wrong?

Also, if someone could show me how do I do a var_dump(), with the code that I have above. Im having a hard time understanding how to do it properly. Tried reading up on it but was lost :(

Community
  • 1
  • 1
  • 4
    warnings seem clear `$Table` is a string –  Oct 05 '15 at 03:12
  • Yeah. Do a `var_dump()` of each of your 4 arguments and you should see what the problem is – Machavity Oct 05 '15 at 03:12
  • @Machavity can you be a little more descriptive please. :) –  Oct 05 '15 at 03:16
  • @Dagon what would be a viable solution? –  Oct 05 '15 at 03:17
  • i really would hope that was obvious –  Oct 05 '15 at 03:17
  • 1
    `public PDO::__construct ( string $dsn [, string $username [, string $password [, array $options ]]] )` string, string, string, **array** `options A key=>value array of driver-specific connection options. ` http://php.net/manual/en/pdo.construct.php –  Oct 05 '15 at 03:18
  • so public PDO::__construct ( string $Host [, string $Username [, string $Password [, array $Table ]]] ) would be the correct output ? –  Oct 05 '15 at 03:20
  • 1
    have you read the manual page, or even glanced at it –  Oct 05 '15 at 03:20
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/91337/discussion-between-levizoesch-and-dagon). @Dagon –  Oct 05 '15 at 03:24

1 Answers1

0

I Needed to change From

$Table = 'dbname=tablename';
$Host ='mysql:host=$Localhost';
$Localhost='localhost';
$Username='';
$Password='';

To

$Host ="mysql:host=$Localhost;DBName=database";
$Username='test';
$Password='';

And From

 $DataBaseHandle = new PDO($Host,$Username,$Password,$Table);

To

$DataBaseHandle = new PDO($Host,$Username,$Password);