Re: problem with serial

From: Yvon Thoraval <yvon(dot)thoraval(at)gmail(dot)com>
To: Chris Angelico <rosuav(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: problem with serial
Date: 2012-04-19 16:03:06
Message-ID: CAG6bkBxkF=WAmZAJmhu7taMvRRaZ+G4CS=eEm+EWJGQ_G1DUBQ@mail.gmail.com
Lists: pgsql-general

2012/4/19 Chris Angelico <rosuav(at)gmail(dot)com>

> On Fri, Apr 20, 2012 at 1:20 AM, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
> wrote:
> > Am CCing list so more eyes can see this and because I don't use PHP.
> >
> > On 04/19/2012 07:59 AM, Yvon Thoraval wrote:
> >> Fatal error: Call to a member function fetch() on a non-object in
> >> /home/yt/Sites/landp_public/landp.php on line 500
> >>
> >> This is PHP/PDO error message, here is my code :
> >> $max_rowid=-1;
> >> $sql="SELECT MAX(rowid) FROM items;";
> >> $ret=$db->query($sql);
> >> while($row=$ret->fetch()){
> >> $max_rowid=$row['max'];
> >> }
>
> Side point: This is a rather clunky way of handling single-row
> results. There's really no need to have a loop like this when you know
> the query can't return more than one row - and can't return less than
> one row, either (it might return NULL, but it will always have one
> row).
>
> The error you're seeing is a cascaded one stemming from $db->query()
> returning something that you can't fetch from - off-hand, I'm thinking
> it returns either False or Null, but I haven't checked the docs. More
> than likely, it's an SQL error in the statement immediately above line
> 500:
>
> $sql="INSERT INTO items (ctime, [...], infos) VALUES (
> '".$dat."', [...], '".str2sql(quoteAsAre($_GET["infos"]))."') RETURNING
> rowid;";
>
> Try echoing this statement, then copying and pasting it to
> command-line Postgres. Also, get a display of the actual error
> returned (I don't have my PHP docs handy to see how that is, but it'll
> be $db->last_error or somesuch).
>
> Are you able to switch to using a parameterized query instead of all
> this fiddly quoting and escaping? It's a LOT safer and easier.
> Possibly you have an issue with the escaping and that's why you
> occasionally get SQL errors. What are str2sql() and quoteAsAre()
> doing?
>
> ChrisA

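// Replace \" with " and \' with ' (drops the backslash in front of quotes).
function quoteAsAre($string){
    return preg_replace('/\\\"/', '"', preg_replace("/\\\'/", "'", $string));
}
// Collapse doubled single quotes ('') back to one (').
function sql2str($string){
    return preg_replace('/\'\'/', "'", $string);
}
// Double every single quote (' becomes '') for use inside an SQL string literal.
function str2sql($string){
    return preg_replace('/\'/', "''", $string);
}
// Substitute a non-breaking space entity for an empty string.
function nospace($string){
    if($string==''){
        $string="&nbsp;";
    }
    return $string;
}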

OK, I'll carefully inspect all of those.

--
Yvon
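
The parameterized-query approach suggested in the quoted reply, as an added example that is not code from this thread: the INSERT binds its values instead of passing them through str2sql() and quoteAsAre(), the single-row MAX() result is read without a loop, and PDO is set to throw on SQL errors so a failed query() is reported where it happens rather than as "Call to a member function fetch() on a non-object". Assumptions: the function names insertItem() and maxRowid(), the two-column table layout and the sample values are constructed, and an in-memory SQLite database (3.35 or later, for RETURNING) stands in for the PostgreSQL connection.

```php
<?php
// Added example, not code from the thread. Table layout and sample
// values are constructed for illustration.
declare(strict_types=1);

// Insert one item with bound parameters and return the generated rowid.
function insertItem(PDO $db, string $ctime, string $infos): int
{
    $stmt = $db->prepare(
        'INSERT INTO items (ctime, infos) VALUES (:ctime, :infos) RETURNING rowid'
    );
    // Values travel separately from the SQL text, so quotes and
    // backslashes in $infos need no escaping at all.
    $stmt->execute([':ctime' => $ctime, ':infos' => $infos]);
    return (int) $stmt->fetchColumn();
}

// MAX() always yields exactly one row; its value is NULL on an empty table.
function maxRowid(PDO $db): ?int
{
    $max = $db->query('SELECT MAX(rowid) FROM items')->fetchColumn();
    return $max === null ? null : (int) $max;
}

// Assumption: SQLite in memory replaces the PostgreSQL DSN so this runs offline.
$db = new PDO('sqlite::memory:');
// Throw PDOException on SQL errors instead of returning false from query().
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (rowid INTEGER PRIMARY KEY, ctime TEXT, infos TEXT)');

var_dump(maxRowid($db));

// Constructed input containing both quote styles and a backslash.
$infos = "it's a \"quoted\" value with a \\ backslash";
$id = insertItem($db, '2012-04-19 16:03:06', $infos);

// Read the row back to confirm the text was stored unchanged.
$check = $db->prepare('SELECT infos FROM items WHERE rowid = :id');
$check->execute([':id' => $id]);
var_dump($id, maxRowid($db), $check->fetchColumn() === $infos);

// A broken statement now fails at the query itself, with the database's message.
try {
    $db->query('SELECT MAX(rowid) FROM no_such_table');
} catch (PDOException $e) {
    echo 'SQL error: ', $e->getMessage(), PHP_EOL;
}
```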
