
I have a script to update some user information automatically. Here is the section I use to update the DB. The variables are defined and valid.

```php
try {
    $MyDBConn = new PDO("mysql:host=localhost;port=3306;dbname=$MyDBName", $MyDBUser, $MyDBPass);
    // PDO can throw exceptions rather than Fatal errors, so let's change the error mode to exception
    $MyDBConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $MySQL = "UPDATE jos_jsn_users SET grading = '$MyFLTTRanking' WHERE fltt_license like '%$MyFLTTLicense'";
    $MyStmt = $MyDBConn->prepare($MySQL);
    $MyStmt->exec(); //error is here
    $MySQL = "UPDATE jos_jsn_users SET grading_points = '$MyFLTTRankingPoints' WHERE fltt_license like '%$MyFLTTLicense'";
    $MyStmt = $MyDBConn->prepare($MySQL);
    $MyStmt->exec();
    $MyDBConn = null;
    // $output = shell_exec($MyWorkDir."bin/dbupdate_users.sh $MyFLTTLicense $MyFLTTRanking $MyFLTTRankingPoints");
}
catch(PDOException $e) {
    echo "Connection failed: " . $e->getMessage()."\n";
}
```

When I run the script, I get this error:

PHP Fatal error: Uncaught Error: Call to undefined method PDOStatement::exec() .. #0 {main} thrown in (file)

The line number points to the first statement `$MyStmt->exec();`

What did I do wrong, or where?

Qirel
Laurent Zotto
  • Something is wrong with your query and it is failing to `exec()` – Jay Blanchard Oct 26 '16 at 17:40
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 26 '16 at 17:43
  • OK, this worked on the first part. Later on I want to update an article with 1200 lines of HTML code. When I do this in phpMyAdmin it works; with the procedure above, the code is not inserted! Here's the SQL statement (PS: I wrote this to a file and the "$MyTeamHTML_EN" is correct): `$MySQL = "UPDATE jso_content SET introtext = '$MyTeamHTML_EN' WHERE alias like '%$MyTeamAlias'";` – Laurent Zotto Oct 26 '16 at 17:50
  • So should I use `$MySQL = "UPDATE jso_content SET introtext = :INTRO WHERE alias like '%:ALIAS'"; $MyStmt = $MyDBConn->prepare($MySQL); $MyStmt->execute(array('INTRO'=>$MyTeamHTML_EN, 'ALIAS'=>$MyTeamAlias);` – Laurent Zotto Oct 26 '16 at 17:59

0 Answers
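An added example, not part of the original thread: the two updates from the question combined into one prepared statement with bound parameters, where the `LIKE` wildcard is carried in the bound value rather than written next to the placeholder in the SQL. It assumes the `pdo_sqlite` driver and constructed rows so it runs offline; `likeEscape()` and `updateRanking()` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Constructed data in an in-memory SQLite
// database (assumes pdo_sqlite); swap the DSN for the mysql: one in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_jsn_users (fltt_license TEXT, grading TEXT, grading_points INTEGER)');
$db->exec("INSERT INTO jos_jsn_users VALUES ('LUX-001234', 'D4', 10), ('LUX-991234', 'D6', 5), ('LUX-00%234', 'E2', 1)");

// Hypothetical helper: escape LIKE metacharacters so a value is matched literally.
function likeEscape(string $value, string $esc = '!'): string
{
    return strtr($value, [$esc => $esc . $esc, '%' => $esc . '%', '_' => $esc . '_']);
}

// Hypothetical helper: update both columns for licenses ending in $licenseSuffix.
function updateRanking(PDO $db, string $licenseSuffix, string $ranking, int $points): int
{
    // Placeholders stand alone, outside quotes. Writing '%:pattern' would make
    // ":pattern" literal text inside a string, not a parameter.
    $stmt = $db->prepare(
        "UPDATE jos_jsn_users
            SET grading = :grading, grading_points = :points
          WHERE fltt_license LIKE :pattern ESCAPE '!'"
    );
    // PDOStatement has execute(); exec() exists only on the PDO object.
    $stmt->execute([
        ':grading' => $ranking,
        ':points'  => $points,
        ':pattern' => '%' . likeEscape($licenseSuffix), // wildcard travels in the value
    ]);
    return $stmt->rowCount();
}

// A suffix matching exactly one constructed row.
printf("rows updated: %d\n", updateRanking($db, '001234', 'C2', 42));

// A value carrying quotes and SQL text is treated as data, not as SQL.
printf("rows updated: %d\n", updateRanking($db, "x' OR '1'='1", 'A1', 999));

// A literal % in the value matches only the row that really contains it.
printf("rows updated: %d\n", updateRanking($db, '%234', 'B1', 7));

foreach ($db->query('SELECT * FROM jos_jsn_users', PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), "\n";
}
```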