public function execute($query) {
        if (!$this->dbh) {
          $this->connect();
        }

        // My $query has quotes in it
        // I try to escape the quotes
        $query = mysql_escape_string($query);
        // It causes an error
        $ret = mysql_query($query, $this->dbh);

        if (!$ret) {
          // An Exception error is thrown
          throw new Exception;
        } elseif (!is_resource($ret)) {
          return TRUE;
        } else {
          $statement = new DB_MysqlStatement($this->dbh, $query);
          return $statement;
        }
  }
}
*****************************************

My query statement is:
$query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';

I call the class as follows:
$dbh = new DB_Mysql("user","passwd","localhost","test");
$query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
$dbh->execute($query);

If the $_POST variable does not contain any quotes, the class works
perfectly. But whenever quotes are passed through, I get the following
error:

Fatal error: Uncaught exception 'Exception' in

Uncaught exceptions happen whenever you THROW an exception that isn't caught. This allows you to do certain things when exceptions happen and try to recover from the error. So, it should work when you try this:



try {
    $dbh = new DB_Mysql("user","passwd","localhost","test");
    $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
    $dbh->execute($query);
} catch (Exception $e) {
    // This just prints, but you could do other things like ignoring
    // the error or trying to reconnect, etc.
    echo $e->getMessage();
    print_r( $e->getTrace() );
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
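
Added example, not part of the thread: the posted execute() escapes the entire statement, so the quotes that delimit the SQL string literal are escaped along with the data. The code below shows that effect and then inserts the same value through a bound parameter. Assumptions: addslashes() stands in for the removed mysql_escape_string(), PDO with an in-memory SQLite database replaces the thread's DB_Mysql class so the code runs offline, insertTest() is a hypothetical helper, and the input is constructed.

```php
<?php
// Constructed input standing in for $_POST["test"].
$input = "O'Reilly said \"hi\"";

// 1) What the posted execute() does: escape the WHOLE statement.
//    addslashes() is only a stand-in for mysql_escape_string();
//    both put a backslash in front of quote characters.
$query   = 'INSERT into aeMail set test=\'' . $input . '\'';
$escaped = addslashes($query);
echo $escaped, "\n";
// The two quotes that open and close the string literal are now escaped
// too, so the server rejects the statement, the query call returns false,
// and execute() throws the bare Exception seen in the thread.

// 2) Bound parameter: the value is sent separately from the SQL text,
//    so no escaping is needed and quotes in the data cannot alter the query.
//    Assumption: SQLite in memory; for MySQL the DSN would look like
//    "mysql:host=localhost;dbname=test" with a user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aeMail (test TEXT)');

// Hypothetical helper: insert one value using a named placeholder.
function insertTest(PDO $pdo, string $value): int
{
    $stmt = $pdo->prepare('INSERT INTO aeMail (test) VALUES (:test)');
    $stmt->execute([':test' => $value]);
    return $stmt->rowCount();
}

try {
    insertTest($pdo, $input);
    // Compare what was stored with what was submitted.
    $stored = $pdo->query('SELECT test FROM aeMail')->fetchColumn();
    var_dump($stored === $input);
} catch (PDOException $e) {
    // Log the driver message instead of echoing it to the client.
    error_log($e->getMessage());
}
```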


