Hi, I'm using PDO to update some fields of a MySQL database. I've written a class called "BakeIT" which connects to a DB and updates some fields depending on the parameters of the method simple_update().
Somehow the first instantiation and call to BakeIT()->simple_update() is working, but not the second one. Why is that? I'm going really crazy over that…
Edit:
I found out some errors:
string(85) "SQLSTATE[28000] [1045] Access denied for user 'ODBC'@'localhost' (using password: NO)"
Fatal error: Call to a member function prepare() on a non-object in BakeIT.php
The table looks like the following:
class BakeIT {
    // Table and column names are interpolated into the SQL string; only the
    // values ($value, $id, $tokenvalue) are bound as placeholders.
    function simple_update(
        $tablename,
        $fieldname,
        $value,
        $id,
        $idname,
        $token,
        $tokenvalue) {
        // connect_db() is expected to return a PDO object (not shown in the post);
        // if it fails and returns something else, prepare() is called on a non-object.
        $conn = $this->connect_db();
        $sql = "UPDATE $tablename SET $fieldname=? WHERE $idname=? AND $token=?";
        $q = $conn->prepare($sql);
        $q->execute(array($value, $id, $tokenvalue));
        $conn = null;
    }
}

// This, as the first query, works!
$saveanchor = new BakeIT();
$saveanchor->simple_update('navigation', 'anchor', 'whoo', 5, 'idnavigation', 'hash', '3234');

// This, as the second query, does not!
$savetitle = new BakeIT();
$savetitle->simple_update('navigation', 'linkname', 'kawoom', 5, 'idnavigation', 'hash', '3234');
The field linkname doesn't exist.

To my comment about the security: As far as I know, the prepared statement prevents an attacker from injecting any bad values into the field content.
It is not possible to manipulate the parameters $value and $condition, but you can set $tableid to 1=1 -- which would overwrite your complete table. E.g.
example(12, 34, "1=1 --"); that would execute this here:
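The following is an added example, not part of the original post or the BakeIT class, showing the point made in the comment above: binding the values with placeholders does nothing for the table and column names that simple_update() interpolates into the SQL string, and a whitelist of allowed identifiers is the fix. It is written in Python with an in-memory sqlite3 database (instead of PHP/PDO against MySQL) so it runs stand-alone; the function signatures mirror simple_update(), and the ALLOWED map and the sample navigation rows are constructed assumptions.

```python
"""Added example: identifier injection through a 'prepared' UPDATE, and a whitelist fix.
Not the original post's code; sqlite3 in memory stands in for PDO/MySQL."""
import sqlite3

# Assumption: the application knows which tables/columns it is allowed to update.
# In the real app this would come from the schema; here it is constructed.
ALLOWED = {
    "navigation": {"idnavigation", "anchor", "linkname", "hash"},
}


def make_db():
    """Constructed sample table mirroring the 'navigation' table in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE navigation (idnavigation INTEGER PRIMARY KEY, "
        "anchor TEXT, linkname TEXT, hash TEXT)"
    )
    conn.executemany("INSERT INTO navigation VALUES (?, ?, ?, ?)", [
        (1, "home", "Home", "aaaa"),
        (5, "about", "About", "3234"),
        (9, "contact", "Contact", "zzzz"),
    ])
    conn.commit()
    return conn


def simple_update_unsafe(conn, tablename, fieldname, value, id_, idname, token, tokenvalue):
    """Same shape as BakeIT::simple_update: values bound, identifiers interpolated."""
    sql = f"UPDATE {tablename} SET {fieldname}=? WHERE {idname}=? AND {token}=?"
    cur = conn.execute(sql, (value, id_, tokenvalue))
    conn.commit()
    return cur.rowcount  # rows actually changed


def quote_ident(table, column):
    """Reject anything not in the whitelist, then quote the identifier.
    sqlite uses double quotes; MySQL would use backticks."""
    if table not in ALLOWED or column not in ALLOWED[table]:
        raise ValueError(f"identifier not allowed: {table}.{column}")
    return f'"{table}"', f'"{column}"'


def simple_update_safe(conn, tablename, fieldname, value, id_, idname, token, tokenvalue):
    """Identifiers pass through the whitelist before any SQL is built; values stay bound."""
    t, f = quote_ident(tablename, fieldname)
    _, i = quote_ident(tablename, idname)
    _, k = quote_ident(tablename, token)
    sql = f"UPDATE {t} SET {f}=? WHERE {i}=? AND {k}=?"
    cur = conn.execute(sql, (value, id_, tokenvalue))
    conn.commit()
    return cur.rowcount


def demo():
    conn = make_db()
    # Legitimate call: exactly one row (id 5 with the right hash) changes.
    n_legit = simple_update_unsafe(
        conn, "navigation", "anchor", "whoo", 5, "idnavigation", "hash", "3234")
    # Attacker controls $idname. The payload keeps all three '?' intact (a trailing
    # '--' would comment them out and trip the placeholder count), but the WHERE
    # becomes '1=1 OR idnavigation=? AND hash=?', which is true for every row,
    # so the whole table is overwritten even with a wrong token value.
    n_attack = simple_update_unsafe(
        conn, "navigation", "anchor", "pwned", 5, "1=1 OR idnavigation", "hash", "wrong")
    anchors = [r[0] for r in conn.execute(
        "SELECT anchor FROM navigation ORDER BY idnavigation")]
    # The same payload never reaches the database with the whitelisted version.
    try:
        simple_update_safe(
            conn, "navigation", "anchor", "x", 5, "1=1 OR idnavigation", "hash", "3234")
        rejected = False
    except ValueError:
        rejected = True
    # Normal use of the safe version still updates the intended single row.
    n_safe = simple_update_safe(
        conn, "navigation", "linkname", "kawoom", 5, "idnavigation", "hash", "3234")
    return n_legit, n_attack, anchors, rejected, n_safe


if __name__ == "__main__":
    print(demo())
```

Two practical notes for the PDO version: identifiers cannot be bound with `?`, so a whitelist (or a lookup from the real schema) is the only place to stop this, and the question's second symptom, `prepare()` on a non-object, is what PDO's default silent error mode produces; setting `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` on the connection turns a failed connect or a missing column such as `linkname` into an exception with the SQLSTATE message instead of a `false` return.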