0

I took over a MAMP version of a web app for someone else, and am trying to get it online.

The web app calls an API, then loads the data received from the API into an mySQL database, then displays some results in the browser. This is done with a combination of PHP, and javascript, including AJAX.

To simplify the code, a generalQuery.php file had been created which receives parameters from various functions and executes the query on the database. This works perfectly on the local MAMP version, but once online (hostmonster) I get an "Internal Error" code 500 when I execute a query which LOADS data into the database. However, I get no error when I execute a query which is trying to pull data from the database. I tracked the error down to being caused by a PDO fetchAll function. 

$dbh = GetConnection();
// get the query results

$dataEncoded  = $_POST ['jsonData'];
$literal = json_decode($dataEncoded, true);

$stmt = $dbh->query($literal); 
$stmt->setFetchMode(PDO::FETCH_NUM);        
$records = $stmt->fetchAll();

The GetConnection() function calls a separate file where the PDO connection is established.

Any ideas why the code works in MAMP but not on the hostmonster server?

Is the reason I get the error when loading into the database, but not when querying because fetch actually operates on the result of the query and not the database itself?

This was marked as a duplicated question

Thanks in advance!

UPDATE:
The server error is- PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 2053 And was traced to line- PDOStatement->fetchAll()

However, after further troubleshooting I found that the database is in fact being modified by the query even when the error occurs. I'd still like to fix the error, this post was marked as a duplicate question. If this part of the question can not be answered, then I would still like to find out how to make the architecture more secure as pointed out my Mike. I am new to web dev, so could you point me in the right direction as to how to fix my security issue? Since the data is acquired from an API, is there another way to form the query other than letting the client do it?

Jonas
  • 121,568
  • 97
  • 310
  • 388
Drwhit
  • 13
  • 3
  • Well if you get an error on fetchAll, it's probably while pulling data. Can you give us the error message? – Carl Boisvert Oct 16 '15 at 00:41
  • 1
    500 error is just a generic error code. You need to look at your error log and give us the actual error produced by PHP. – Mike Oct 16 '15 at 00:46
  • 2
    Also, your set-up is *extremely* insecure. You should never allow remote users to specify their own full queries unless you trust them not to also wipe your database or insert whatever they want in there. – Mike Oct 16 '15 at 00:51
  • Check the PHP versions on both machines – user2182349 Oct 16 '15 at 01:28

0 Answers0