TalkPHP


Killswitch 01-03-2010 01:34 AM

Having trouble with PDO
 
I am having a bit of trouble with an SQL statement and really don't know why.

Basically I am updating a forum's information in the database. Everything is fine until I use certain characters.

For whatever reason, I can use moderators and administrators, but not moderators and administrators ONLY. Trespassers will be violated.

If it manages to update, the ONLY part of that string and on turns into >, so it reads moderators and administrators >.

Before going into the database I am using trim(htmlspecialchars($form_data, ENT_QUOTES)) and using them in a prepared query. I really don't understand what could be causing this and never ran into this problem before.

If it helps, the field this is getting inserted into is called desc (which I had probs with before, had to use `desc` to get it to work), which is just a text type field in MySQL.

delayedinsanity 01-03-2010 02:22 AM

Code please? Preeettttty please? (Is this long enough vBulletin? huh? HUHHH?)

Killswitch 01-03-2010 02:54 AM

Alright, this is the portion that is updating, with a little bit of cleaning (it's for an admin area that honestly I will be the only one messing with). Also note the $form_data is an array of the form fields via Xajax... so $form_data['title'] really is input name=title etc...

PHP Code:

// Setup and preclean some vars
$title = trim(htmlspecialchars($form_data['title']));
$url = $this->string_to_url($form_data['url']);
$parent = (int)$form_data['parent'];
$access = serialize($form_data['access']);
$post_access = serialize($form_data['post_access']);
$desc = trim(htmlspecialchars($form_data['desc'], ENT_QUOTES));

// Attempt to insert data
$q = $this->db->prepare("UPDATE forums SET `title` = ?, `url` = ?, `parent` = ?, `access` = ?, `post_access` = ?, `desc` = ? WHERE id = ?");

    $q->bindParam(1, $title);
    $q->bindParam(2, $url);
    $q->bindParam(3, $parent, PDO::PARAM_INT);
    $q->bindParam(4, $access);
    $q->bindParam(5, $post_access);
    $q->bindParam(6, $desc);
    $q->bindParam(7, $id, PDO::PARAM_INT);

// Check results: fail if execute() returned false or no rows were affected
if ( ! $q->execute() OR ! ($q->rowCount() > 0))
{
    $message = '<div class="error"><p>Sorry, but we could not update this forum</p></div>';
}

Essentially (since some code was left out), if it couldn't process or no affected results, then I return the Sorry message, otherwise it tells me everything went fine, let me send you to this location now.

I just can't pinpoint what would cause this, as it seems either the ! or . , ' is causing it (well ' is out now due to ENT_QUOTES).

UPDATE - Problem not solved, but it seems to be the word 'only' screwing everything up. I have tried removing this word and it works correctly, but when I use 'only' in it, it won't work.
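
An added example, not part of the thread and not the poster's code: a cut-down version of the UPDATE above that binds the raw form text through PDO and applies htmlspecialchars() only when the row is rendered, so the stored value is exactly what was typed. The in-memory SQLite database, the two-column table, the sample $form_data and the helper names update_forum() and render_forum() are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
// Make failed statements throw instead of returning false silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE forums (id INTEGER PRIMARY KEY, `title` TEXT, `desc` TEXT)');
$db->exec("INSERT INTO forums (id, `title`, `desc`) VALUES (1, 'Staff', '')");

// Constructed form input with characters that matter in SQL and in HTML.
$form_data = [
    'title' => '  Staff <b>room</b> ',
    'desc'  => "moderators and administrators ONLY. Trespassers will be violated. It's > public",
];

// Hypothetical helper: store the text as typed. Bound parameters travel as
// data, so quotes and angle brackets need no escaping for the query itself.
function update_forum(PDO $db, int $id, array $form_data): int
{
    $q = $db->prepare('UPDATE forums SET `title` = ?, `desc` = ? WHERE id = ?');
    $q->bindValue(1, trim($form_data['title']));
    $q->bindValue(2, trim($form_data['desc']));
    $q->bindValue(3, $id, PDO::PARAM_INT);
    $q->execute();
    return $q->rowCount();
}

// Hypothetical helper: HTML-escape at output time, in the context where the
// value is placed into markup.
function render_forum(PDO $db, int $id): string
{
    $q = $db->prepare('SELECT `title`, `desc` FROM forums WHERE id = ?');
    $q->bindValue(1, $id, PDO::PARAM_INT);
    $q->execute();
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return '<h2>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</h2>'
         . '<p>' . htmlspecialchars($row['desc'], ENT_QUOTES, 'UTF-8') . '</p>';
}

$changed = update_forum($db, 1, $form_data);
$stored  = $db->query('SELECT `desc` FROM forums WHERE id = 1')->fetchColumn();

var_dump($changed === 1);                       // one row updated
var_dump($stored === trim($form_data['desc'])); // stored text matches the input
echo render_forum($db, 1), PHP_EOL;             // entities appear only in the HTML
```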

