0

I am creating a simple method to get a field value from a row in a table, but somehow I could not get the field value ....

Here is my simple method:

    private function getBankKode($transId=17000012720)
    {
        try
        {
            $qry = "SELECT * FROM accbank WHERE bank_transid='$transId'";
            $res = $this->dbCon->query($qry);
            $rec = $res->fetch(PDO::FETCH_ASSOC);
            return $rec['bank_kode'];
        }
        catch(PDOException $e)
        {
            $this->set_commit("ROLLBACK");
            $this->set_message("Methode getBankKode - ".$e->getMessage());
        }
    }

There is no error message coming out ... The field bank_kode type is alphachar with 9 digits in length; this method should return the value 'BANK-0014'.....

The funny thing is I could get another field value, i.e. the row ID, if I change the field so the return statement becomes `return $rec[bank_id]`.

UPDATE: If I query the row table outside the class ...

    $qry = "SELECT * FROM accbank WHERE bank_transid='17000012720'";
    $res = $pdoCon->query($qry);
    $rec = $res->fetch(PDO::FETCH_ASSOC);
    $bankKode = $rec['bank_kode'];

I can get the bank_kode field value .....

hhalat
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Oct 05 '17 at 16:28
  • 1
    You don't ever need to `ROLLBACK` here -- you're just doing reads not writes, and you haven't even started a transaction. – Alex Howansky Oct 05 '17 at 16:29
  • You might `var_dump($rec);` to help you see what's in there... – Alex Howansky Oct 05 '17 at 16:30
  • @AlexHowansky...thanks for your suggestion – hhalat Oct 05 '17 at 16:37
  • In your `catch` block, you're only catching PDOExceptions. If there's any other type of exception thrown, it'll be uncaught. Try replacing `catch(PDOException $e)` for `catch(\Exception $e)` and see if an exception is caught. – José A. Zapata Oct 05 '17 at 17:38
  • @JoséA.Zapata ... I replaced the `catch(PDOException $e)` with `catch(\Exception $e)` but no exception was thrown – hhalat Oct 06 '17 at 13:26

1 Answer

-1

Try doing the following in the first code:

    $qry = "SELECT * FROM accbank WHERE bank_transid=' ".$transId." ' ";
    $res = $this->dbCon->query($qry);
    $rec = $res->fetch(PDO::FETCH_ASSOC);
    return $rec['bank_kode'];
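
The prepared-statement approach recommended in the comments on the question, shown as an added example that is not part of the original thread. It assumes the `pdo_sqlite` extension, uses an in-memory SQLite database with constructed rows in place of the real `accbank` table, and the standalone `getBankKode(PDO $pdo, string $transId)` signature is hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');

// Make PDO throw on SQL errors. Before PHP 8.0 the default error mode was
// silent, so a catch (PDOException $e) block would never see a failed query.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows, modelled on the column names in the question.
$pdo->exec('CREATE TABLE accbank (
    bank_id INTEGER PRIMARY KEY,
    bank_transid TEXT,
    bank_kode TEXT
)');
$pdo->exec("INSERT INTO accbank (bank_transid, bank_kode) VALUES ('17000012720', 'BANK-0014')");
$pdo->exec("INSERT INTO accbank (bank_transid, bank_kode) VALUES ('17000012721', 'BANK-0015')");

/**
 * Look up bank_kode for a transaction id using a bound parameter.
 * Returns null when no row matches.
 */
function getBankKode(PDO $pdo, string $transId): ?string
{
    // The SQL text is fixed; $transId is sent separately as data and is
    // never spliced into the statement.
    $stmt = $pdo->prepare('SELECT bank_kode FROM accbank WHERE bank_transid = :transid');
    $stmt->execute([':transid' => $transId]);

    // fetch() returns false when there is no row, so check before indexing.
    $rec = $stmt->fetch(PDO::FETCH_ASSOC);
    return $rec === false ? null : $rec['bank_kode'];
}

var_dump(getBankKode($pdo, '17000012720'));             // id present in the sample data
var_dump(getBankKode($pdo, '99999999999'));             // id not present
// A value containing quote characters is compared literally, not parsed as SQL.
var_dump(getBankKode($pdo, "17000012720' OR '1'='1"));
```

Passing the transaction id as a string also avoids relying on how a large integer default is converted when it is interpolated into the query text.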