2012/4/19 Chris Angelico <ros...@gmail.com>

> On Fri, Apr 20, 2012 at 1:20 AM, Adrian Klaver <adrian.kla...@gmail.com>
> wrote:
> > Am CCing list so more eyes can see this and because I don't use PHP.
> >
> > On 04/19/2012 07:59 AM, Yvon Thoraval wrote:
> >> Fatal error: Call to a member function fetch() on a non-object in
> >> /home/yt/Sites/landp_public/landp.php on line 500
> >>
> >> This is PHP/PDO error message, here is my code :
> >> $max_rowid=-1;
> >> $sql="SELECT MAX(rowid) FROM items;";
> >> $ret=$db->query($sql);
> >> while($row=$ret->fetch()){
> >> $max_rowid=$row['max'];
> >> }
>
> Side point: This is a rather clunky way of handling single-row
> results. There's really no need to have a loop like this when you know
> the query can't return more than one row - and can't return less than
> one row, either (it might return NULL, but it will always have one
> row).
>
> The error you're seeing is a cascaded one stemming from $db->query()
> returning something that you can't fetch from - off-hand, I'm thinking
> it returns either False or Null, but I haven't checked the docs. More
> than likely, it's an SQL error in the statement immediately above line
> 500:
>
> $sql="INSERT INTO items (ctime, [...], infos) VALUES (
> '".$dat."', [...], '".str2sql(quoteAsAre($_GET["infos"]))."') RETURNING
> rowid;";
>
> Try echoing this statement, then copying and pasting it to
> command-line Postgres. Also, get a display of the actual error
> returned (I don't have my PHP docs handy to see how that is, but it'll
> be $db->last_error or somesuch).
>
> Are you able to switch to using a parameterized query instead of all
> this fiddly quoting and escaping? It's a LOT safer and easier.
> Possibly you have an issue with the escaping and that's why you
> occasionally get SQL errors. What are str2sql() and quoteAsAre()
> doing?
>
> ChrisA
>


  function quoteAsAre($string){
    return preg_replace('/\\\"/', '"', preg_replace("/\\\'/", "'", $string));
  }
  function sql2str($string){
    return preg_replace('/\'\'/', "'", $string);
  }
  function str2sql($string){
    return preg_replace('/\'/', "''", $string);
  }
  function nospace($string){
    if($string==''){
      $string="&nbsp;";
    }
    return $string;
  }


OK, I'll carefully inspect all of those.

-- 
Yvon
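
The parameterized form suggested in the quoted reply, as an added example that is not code from this thread: the INSERT ... RETURNING rowid and the MAX(rowid) lookup done with PDO bound parameters and exceptions turned on. Assumptions: in-memory SQLite (3.35 or later, for RETURNING) stands in for PostgreSQL so the script runs offline, and insertItem(), maxRowid() and the sample values are constructed for illustration.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for
// PostgreSQL (assumption: pdo_sqlite built against SQLite >= 3.35).
// The table is reduced to the columns named in the thread.
$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false from query()/prepare(),
// which is what leads to "Call to a member function fetch() on a non-object".
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (rowid INTEGER PRIMARY KEY, ctime TEXT, infos TEXT)');

function insertItem(PDO $db, string $ctime, string $infos): int
{
    // Values travel separately from the SQL text: no str2sql(), no quoteAsAre().
    $stmt = $db->prepare(
        'INSERT INTO items (ctime, infos) VALUES (:ctime, :infos) RETURNING rowid'
    );
    $stmt->execute([':ctime' => $ctime, ':infos' => $infos]);
    return (int) $stmt->fetchColumn();   // exactly one row, so no loop
}

function maxRowid(PDO $db): ?int
{
    // Alias the aggregate so the column name does not depend on the driver.
    $max = $db->query('SELECT MAX(rowid) AS max_rowid FROM items')->fetchColumn();
    return $max === null ? null : (int) $max;
}

// Constructed inputs with the characters the escaping helpers try to handle.
$samples = [
    "plain text",
    "it's a \"quoted\" value",
    "trailing backslash \\",
    "backslash-quote \\' pair",
];

try {
    foreach ($samples as $infos) {
        $id = insertItem($db, '2012-04-19T08:00:00', $infos);
        $stored = $db->prepare('SELECT infos FROM items WHERE rowid = ?');
        $stored->execute([$id]);
        $ok = $stored->fetchColumn() === $infos ? 'round-trips' : 'MISMATCH';
        echo "rowid $id: $ok\n";
    }
    echo 'max rowid: ', var_export(maxRowid($db), true), "\n";
} catch (PDOException $e) {
    // The database's own error message, not a fatal error on a later line.
    error_log('query failed: ' . $e->getMessage());
}
```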
