1

Hi, I have an issue while using PDO; I am new to this. The query returns a null array if I use the first method:

try {
    $r = "SELECT * FROM `order` WHERE `id` = :id AND `key` = :key LIMIT 1";
    $r_do = $db->prepare($r);
    $r_do->bindParam(':id', $id, PDO::PARAM_STR);
    $r_do->bindParam(':key', $key, PDO::PARAM_STR);
    $r_do->execute();
    $f2 = $r_do->fetch();
} catch(PDOException $r) {
  $log->logError($r." - ".basename(__FILE__));
}

where $id is an integer and $key is an encrypted string, e.g. iGkGNI1NEzCZ6k9g9xC+m8hNm22G3DXsNoEqdwNkTc0=

The values come from a URL:

signin.php?id=10&key=iGkGNI1NEzCZ6k9g9xC+m8hNm22G3DXsNoEqdwNkTc0=

If I directly replace the prepared statement's placeholders with their values, the query returns the result.

$r = "SELECT * FROM `order` WHERE `id` = '10' AND `key` = 'iGkGNI1NEzCZ6k9g9xC+m8hNm22G3DXsNoEqdwNkTc0=' LIMIT 1";

Any idea? For your info, I am using WebMatrix as my IDE with PHP on Windows 7 64-bit.

5
  • Could you var_dump($key)? With + and = in the text, it might be being converted for you somewhere along the way. Commented Aug 21, 2013 at 15:29
  • It returns string(44) "iGkGNI1NEzCZ6k9g9xC m8hNm22G3DXsNoEqdwNkTc0=" When I use die(var_export($db->errorinfo(), TRUE)); it returns array ( 0 => '00000', 1 => NULL, 2 => NULL, ) Commented Aug 21, 2013 at 15:31
  • 2
    Yeah, it's getting edited - see that space in the middle, where your + was? You need to run the code through urlencode() on the page where you're generating the link; and urldecode() on this page: php.net/manual/en/function.urlencode.php Commented Aug 21, 2013 at 15:34
  • Thanks @andrewsi !! I've spent the whole day figuring this out. You're my savior. Commented Aug 21, 2013 at 15:42
  • You're welcome - sometimes it just takes another pair of eyes. Commented Aug 21, 2013 at 15:42

3 Answers

2
signin.php?id=10&key=iGkGNI1NEzCZ6k9g9xC+m8hNm22G3DXsNoEqdwNkTc0=

The problem is this. When the value of key is read, that + is being interpreted as a space.

To get around that, on the page that generates the link, you need to call urlencode() - that will encode the characters properly, and should give you something like:

signin.php?id=10&key=iGkGNI1NEzCZ6k9g9xC%2Bm8hNm22G3DXsNoEqdwNkTc0=

In this page, you can get the correct value of id by running it through urldecode().


0

You should probably be using

PDO::PARAM_INT

Instead of

PDO::PARAM_STR

For your ID, since it's an Int.


0

Thanks to @andrewsi for the thought. Send the encrypted string with urlencode(), then add urldecode() to retrieve the string.

Note: However, the + symbol is still not working. I've made a few more data with + and the result is still null even though encode/decode is working.
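
The round trip discussed in the answers above, as an added example that is not part of the original posts: it runs the question's prepared statement against a key that arrived raw, URL-encoded, and decoded a second time. It assumes the pdo_sqlite extension (an in-memory table stands in for the MySQL `order` table), and `lookup()` is a hypothetical helper.

```php
<?php
// Added example. Assumes pdo_sqlite; the in-memory table stands in for the
// question's MySQL `order` table. Values are constructed from the URL shown
// in the question.
$id  = 10;
$key = 'iGkGNI1NEzCZ6k9g9xC+m8hNm22G3DXsNoEqdwNkTc0=';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `order` (`id` INTEGER, `key` TEXT)');
$db->prepare('INSERT INTO `order` VALUES (?, ?)')->execute([$id, $key]);

// Hypothetical helper: parse_str() decodes a query string the same way PHP
// does when it fills $_GET, then the question's prepared statement runs.
function lookup(PDO $db, string $query): bool
{
    parse_str($query, $get);
    $stmt = $db->prepare(
        'SELECT * FROM `order` WHERE `id` = :id AND `key` = :key LIMIT 1'
    );
    $stmt->bindValue(':id', (int) $get['id'], PDO::PARAM_INT);
    $stmt->bindValue(':key', $get['key'], PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetch() !== false;
}

// Raw concatenation: the "+" arrives as a space, so no row matches.
var_dump(lookup($db, "id=$id&key=$key"));

// urlencode() on the generating page: "+" is sent as %2B and the row is found.
$encoded = 'id=' . $id . '&key=' . urlencode($key);
var_dump(lookup($db, $encoded));

// Values read from the query string are already decoded. Calling urldecode()
// on one again turns the restored "+" back into a space, so it no longer
// equals the stored key.
parse_str($encoded, $get);
var_dump(urldecode($get['key']) === $key);

// http_build_query() encodes every parameter when building the link.
echo 'signin.php?' . http_build_query(['id' => $id, 'key' => $key]), "\n";
```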
