12.
Preventing SQL Injection Attacks with Prepared Statements
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
Whoops, an error! Please, try again later.
19 Comments
Hi there!
Not sure how well this still holds up, but in a current PHP 8.1 environment, the last bit of the tutorial doesn't work and I get an error:
<blockquote>"Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in C:\xampp\htdocs\studying\start\lib\functions.php on line 28"</blockquote>
I fixed this by adding another wrapping another if-statement around the bindParam line:
If there is no if-statement, it tries to bind the parameter to the initial query which is 'SELECT * FROM pet', but since there's no :resultLimit variable to bind to, it just breaks? Since it seems to have worked at some point in your tutorial, I assume this broke with a newer version of PHP? Or have I overlooked something or made another mistake somewhere else? If that's the case, is my solution correct or is it just a workaround / messy?
Thanks!
(Also there's no 4th course coming I assume :P)
Should I go ahead and learn OOP after this last episode?
Hey Nicholas,
You shouldn't, but you're definitely ready for the OOP course after this PHP track ;) If you are not sure in your strong OOP skills (Classes, Abstract classes, Interfaces, Traits and other OO concepts), then choose the OOP track first, otherwise choose whatever you like more.
Cheers!
What is the recommended one after this, would like to follow a strategy by you guys (if any).
Hey Nicholas
The OOP will be fine, really! It holds a lot of OO concepts which use in Symfony or any modern framework/library. But first of all, take a look at a few short courses if you don't yet:
https://knpuniversity.com/s...
https://knpuniversity.com/s...
And then you can choose our new course https://knpuniversity.com/s... if you love JavaScript a lot or you can switch to learn Symfony. ;)
Cheers!
Hello there,
I have 3 questions for this episode:
this is my index.php
Hi @Mahmut-A!
Nice to chat with you!
>When I did not use debug_parameters in get_function() , browser is giving directly http 500 error for index.php. However, in your video, there is html page but pets are 0. I commen out debug parameter below. when I add them, it is working.
You're referring to this line:
Hmm. This tells PHP to throw a big error if something is "wrong" instead of being silent. The fact that you get a 500 error when you have this code seems to indicate that you do have some sort of database connection problem. Are you able to see what the error is? Or is php hiding it? If php is hiding it, check out this post - https://rollbar.com/blog/what-is-the-quickest-way-to-show-all-php-errors/ - to see if your PHP config is perhaps set up to hide errors (we definitely want to see them while developing!).
Hmm. Can you show me what your code looks like for
contact.php? We should absolutely be able to call `get_pats() from there and count them.>I discovered something that when I comment out PDO error parameter in get_cunction; but not comment out in get_pets of PDO::PARAM_INT , it still works. is this normal?
Yea, this makes sense. Including PDO::PARAM_INT is needed to avoid an error. The
PDO::ERRMODE_EXCEPTIONmode is telling php that, if there IS an error, it should tell us. But if your page has no error, it won't matter whether or notPDO::ERRMODE_EXCEPTIONis there :).Let me know if this helps!
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
That line breaks my code. Makes localhost unable to load the page (localhost is currently unable to handle this request.). If I take that line out it all works good. Any ideas?
EDIT: if I change 'PDO::ERRMODE_EXCEPTION' to 'PDO::ERRMODE_WARNING' the code works (but I still don't get the error printing).
Hey Luke W.!
Good job finding that the change to WARNING helps. It also gives me a hint :). Here's what I think is happening:
1) One of your queries is actually failing. Before you put PDO::ERRMODE_EXCEPTION, the error doesn't hurt anything. After you put this, PDO is throwing an exception, which is killing your page.
2) But then why do we see a nice error page in the tutorial but you just see an empty, broken page? It's probably because you need to tweak 2 settings in your php.ini file:
Assuming you can find your php.ini file (try running
php --iniat the command line), change these 2 lines (make sure they don't have a;at the start of the line - that comments the line out - remove that if it is there) and then restart your web server.Let us know if that helps!
Cheers!
You're a champion Ryan, that fixed it! For reference incase anyone else using MAMP on a Mac struggles with this:
The correct php.ini file to edit is in: /Applications/MAMP/bin/php/phpX.X.X (there should be a folder for the version you're using, 7.4.2 in my case)/conf/php.ini
Thanks again dude, and thank you for creating some of the best PHP/Symf tutorials on the web.
I just completed the 3 php courses. I am very satisfied with the quality even though the coding challenges stopped at some point. I just wanted to say thanks, your information is presented very nicey and I enjoied the pet puns :)
Hey Kyle!
Thank you for such good words about our courses, you made our day! :)
About challenges, what problem did you hit? Did you able to complete them finally? Please, let us know if you still have any problems with them and we will help!
Cheers!
I see it's been a while since this episode was finished. Is there enough demand for episode 4 at this point, or should I just move on to other tracks?
Hey Lucio S.!
As you probably guessed, we don't have any hard plans currently. We covered most of the really fundamental things that we wanted to cover, but of course not everything. And while we *do* want to have a really robust PHP track to get anyone started, most of our users come for the Symfony tutorials.
But, to help things along, what types of things (if any) were you hoping to see in an episode 4? We do keep track of user comments and requests - it definitely helps drive what we do and when.
Cheers!
weaverryan thanks for getting back to me. I guess I'm left wondering what my next steps should be. I have a very firm understanding of HTML, CSS, UX/UI, and design, but have never fully taken the dive into programming. The flow of your tutorials is really nice, and helped me understand the basics better than any other I've attempted. Episode 3 left me hanging with "...which we’ll fix early in the next episode...Seeya next time!" It makes me question where I should go next?
Hey Lucio Eastman!
Ah! Then I think I can answer that :). If you want to keep going on this serious programming dive, go here: https://symfonycasts.com/tr...
Yes, there is more to learn about PHP / programming in general, but you're probably ready to step up to some object-oriented stuff. This will really open some doors, because so much of the backend technology is written with OO code. We don't have coding challenges on everything (sorry!) but we do have them on part 3 and part 4 of our OO track.
Oh, OR, you could go a more JavaScript route: https://symfonycasts.com/tr.... In that track, we *do* assume you already have a grasp on JavaScript (so if you don't think you fit into that, there are other sites that do a great job with, but we don't cover it), then helps really show the principles and tools of modern JavaScript.
And if you need any more guidance, let us know!
Cheers!
When is the estimated timeline for episode 4? I really love your teaching method/structure.
Hey, thank you very much :). As you saw in the other thread, we don't have a timeline yet - but definitely user demand plays into how we prioritize things. BUT, I did just create a new tutorial about this in the "planning" stages - you can subscribe to get an update when the tutorial comes out: http://knpuniversity.com/sc... I hope that helps! You might also enjoy the object-oriented tutorials if you haven't checked those out yet.
Cheers!
Thanks man!!
"Houston: no signs of life"
Start the conversation!