PDO ODBC Parameters Not Returning |
Sun, May 22 2016 1:35 PM | Permanent Link |
Charles Collinson | Having to ODBC into an old DBISAM 3.30 database with PHP using the ODBC driver and currently trying PDO, however I've tried with the normal ODBC system with the same issue. Basically wanting to use parameters to limit SQL injection but for the life of me I can't get any records to return:

    $d1 = "Admin";
    $query = 'SELECT ALL * FROM Password WHERE User=?';
    $stmt = $db->prepare($query);
    $stmt->bindParam("1",$d1);
    $stmt->execute();
    $result = $stmt->fetchAll();
    $count = $stmt->rowCount();
    print("Records: $count rows.\n");

I get no results and the count comes back as 0. I've tried bindParam as integer, a :xyz variable. The connection works, as does the PDO system. If I replace the query with a simple select from table with no where I get all results, as I do if I hardcode the where, so the issue is in the Parameter system.

Can the DBISAM 3.30 ODBC work with parameters when querying?

TIA

Charles |
Tue, May 24 2016 11:07 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Charles,
<<Having to ODBC into an old DBISAM 3.30 database with PHP using the ODBC driver and currently trying PDO, however I've tried with the normal ODBC system with the same issue. Basically wanting to use parameters to limit SQL injection but for the life of me I can't get any records to return:>>

What happens if you pass a length for the string variable (you'll also need to explicitly set the PDO::PARAM_STR parameter to the bindParam call)?

Tim Young
Elevate Software
www.elevatesoft.com |
Thu, May 26 2016 10:54 AM | Permanent Link |
Charles Collinson | Tim Young [Elevate Software] wrote:
<<What happens if you pass a length for the string variable (you'll also need to explicitly set the PDO::PARAM_STR parameter to the bindParam call)?>>

Makes no difference.

    $d1 = "Admin";
    $query = "SELECT ALL * FROM Password WHERE User=?";
    $stmt = $db->prepare($query);
    $stmt->bindParam(1,$d1, PDO::PARAM_STR, 20);
    $stmt->execute();
    $result = $stmt->fetchAll();
    $count = $stmt->rowCount();
    print("Records: $count rows.\n");

No records found.

    $d1 = "Admin";
    $query = 'SELECT ALL * FROM Password WHERE User="Admin"';
    $stmt = $db->prepare($query);
    $stmt->execute();

This works. As does the below:

    $query = "SELECT * FROM Password WHERE User= '" .$d1. "'"; |
Thu, May 26 2016 1:57 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Charles,
Unfortunately, the 3.30 codebase was frozen over 10 years ago, but if you send me your database files and a sample PHP script that reproduces the problem, I'll see what I can find out and see if there's a workaround.

Tim Young
Elevate Software
www.elevatesoft.com |
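The string-concatenated query in the third message returns rows, but it puts $d1 straight into the SQL text. As an added example (not code from the thread or from Elevate Software), one way to constrain that fallback while bound parameters do not work is an allow-list check before the value reaches the query. `buildUserLookup` is a hypothetical helper, and the permitted character set and the 20-character limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper; not part of PDO or the DBISAM ODBC driver.
// Assumption: user names are 1-20 characters drawn from letters, digits, '_', '.', '-'.
// The 20 mirrors the length passed to bindParam() in the thread; match it to the real column.
function buildUserLookup(string $user): string
{
    // \A and \z anchor the whole string; a bare '$' would also accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9_.-]{1,20}\z/', $user) !== 1) {
        throw new InvalidArgumentException('user name rejected by allow-list');
    }
    // No quote, backslash or whitespace can reach this point, so the value
    // cannot terminate the literal, whatever escaping rules the driver applies.
    return "SELECT * FROM Password WHERE User = '" . $user . "'";
}

// Constructed sample inputs: one valid name, then values the check must refuse.
$samples = [
    'Admin',
    "O'Brien",            // single quote
    'say "hi"',           // double quotes and a space
    "Admin\n",            // trailing newline
    str_repeat('a', 21),  // one character over the limit
];

foreach ($samples as $s) {
    try {
        echo buildUserLookup($s), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($s), "\n";
    }
}

// With a live connection ($db and $d1 as in the thread):
// $rows = $db->query(buildUserLookup($d1))->fetchAll();
```

Rejecting input outright, rather than escaping it, avoids depending on how DBISAM 3.30 treats quote characters inside literals, which the thread does not establish.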