1

I have been struggling since this morning, trying to write an install.php file that will insert three empty tables (users, sessions, posts) into a database. The SQL code I'm using is valid when I inject it with PHPMyAdmin, but apparently the way I'm handling it in PHP is wrong, because when I run my install.php file my database remains empty. Here's my code:

<?php
try {
 $con = new PDO('mysql:host=omitted;dbname=omitted','omitted','');
 $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 $q="CREATE TABLE posts (
  title varchar(150) NOT NULL,
  body text NOT NULL,
  created varchar(100) NOT NULL,
  user varchar(40) NOT NULL,
  id int(20) NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (id),
  UNIQUE KEY id (id)
  ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

  CREATE TABLE sessions (
  session_id varchar(40) NOT NULL,
  data text NOT NULL,
  last_activity int(11) NOT NULL,
  PRIMARY KEY (session_id)
  ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

  CREATE TABLE users (
  id int(11) NOT NULL AUTO_INCREMENT,
  username varchar(40) NOT NULL,
  password varbinary(250) NOT NULL,
  email varchar(40) NOT NULL,
  salt varchar(20) NOT NULL,
  name varchar(50) NOT NULL DEFAULT '',
  PRIMARY KEY (id),
  UNIQUE KEY email (email),
  UNIQUE KEY username (username),
  UNIQUE KEY id (id)
  ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ";

 $stmt = $con->prepare($q);
 $stmt->execute();
 echo "success";

} catch (PDOException $e) {
 $e->getMessage();
}


?>

I am assuming that it's some idiotic mistake on my part (since my last 3 headaches were also quite silly) but at this moment I really can't figure it out. Any ideas?

2
  • Can you try "CREATE TABLE '1165176_cms.sessions'... Commented Feb 1, 2013 at 14:37
  • The underlying MySQL driver in PHP does not allow multiple queries in a single ->query()-type call as an SQL injection attack defence mechanism. While it doesn't stop all injection attacks, it does prevent the classic Bobby Tables-type attack. Commented Feb 1, 2013 at 14:52

2 Answers

2

You can prepare only one statement per prepare call. To execute multiple statements you have to use the PDO::exec method.

For example:

$con = new PDO('mysql:host=localhost;dbname=db','user','pass');
 $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 $q="CREATE TABLE posts (
  title varchar(150) NOT NULL,
  body text NOT NULL,
  created varchar(100) NOT NULL,
  user varchar(40) NOT NULL,
  id int(20) NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (id),
  UNIQUE KEY id (id)
  ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

  CREATE TABLE sessions (
  session_id varchar(40) NOT NULL,
  data text NOT NULL,
  last_activity int(11) NOT NULL,
  PRIMARY KEY (session_id)
  ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

  CREATE TABLE users (
  id int(11) NOT NULL AUTO_INCREMENT,
  username varchar(40) NOT NULL,
  password varbinary(250) NOT NULL,
  email varchar(40) NOT NULL,
  salt varchar(20) NOT NULL,
  name varchar(50) NOT NULL DEFAULT '',
  PRIMARY KEY (id),
  UNIQUE KEY email (email),
  UNIQUE KEY username (username),
  UNIQUE KEY id (id)
  ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ";

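try {
 // With ERRMODE_EXCEPTION set, exec() throws on failure. It returns the
 // affected-row count, which is 0 for CREATE TABLE, so an "or die()"
 // check on the return value would abort even on success.
 $con->exec($q);
 echo "Success";

} catch (PDOException $e) {
 // Print the error instead of discarding it.
 echo $e->getMessage();
}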

8 Comments

This did not work for me. Thanks for the help though! Oh, and to come back on my own negligence; can you please omit the hostname/user/password from line 1? Much appreciated!
@MichaelYamada Sure, I can. Actually what did not work? I've just tested and it creates three tables as expected. :)
The database still turns up empty after running the file.
@MichaelYamada I've updated code. It will at least output an error. Anyway, both solutions should be working
Ah, now that I've instantiated the PDO object without catching the exception, I get an 'unknown server host' error. Anyway, this means I'm a lot closer to the actual problem now :) Thanks
1

This is not a query but rather a set of queries.
Just run them one by one with separate calls.

1 Comment

Got it! It's working perfectly this way. EDIT: Woops, no it doesn't. I was looking at the wrong phpmyadmin panel. The database in question remains empty even after separating the queries.
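
An added example (not code from any of the posts above) of the one-statement-per-call approach, with connection and per-table errors reported rather than discarded and the result checked on the same connection. The DSN, credentials and shortened column lists are placeholders chosen for illustration; PDO::MYSQL_ATTR_MULTI_STATEMENTS is the pdo_mysql option that turns off stacked statements, the behaviour the injection comment refers to.

```php
<?php
// Added example: connection values below are placeholders, not from the post.
$dsn  = 'mysql:host=localhost;dbname=example_db;charset=utf8mb4';
$user = 'example_user';
$pass = 'example_pass';

// One statement per array element (column lists shortened for the example).
$schema = [
    'posts'    => "CREATE TABLE IF NOT EXISTS posts (
                     id int NOT NULL AUTO_INCREMENT PRIMARY KEY,
                     title varchar(150) NOT NULL,
                     body text NOT NULL)",
    'sessions' => "CREATE TABLE IF NOT EXISTS sessions (
                     session_id varchar(40) NOT NULL PRIMARY KEY,
                     data text NOT NULL,
                     last_activity int NOT NULL)",
    'users'    => "CREATE TABLE IF NOT EXISTS users (
                     id int NOT NULL AUTO_INCREMENT PRIMARY KEY,
                     username varchar(40) NOT NULL UNIQUE,
                     email varchar(40) NOT NULL UNIQUE)",
];

try {
    $con = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE                => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES       => false,
        // Reject "a; b" strings at the driver so one call is one statement.
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false,
    ]);
} catch (PDOException $e) {
    // A wrong host or password ends up here; report it instead of hiding it.
    exit('Connection failed: ' . $e->getMessage() . PHP_EOL);
}

foreach ($schema as $table => $sql) {
    try {
        $con->exec($sql); // returns 0 for DDL, so do not test the return value
    } catch (PDOException $e) {
        exit("Creating $table failed: " . $e->getMessage() . PHP_EOL);
    }
}

// Confirm the result on the same connection the script used.
$present = $con->query('SHOW TABLES')->fetchAll(PDO::FETCH_COLUMN);
$missing = array_diff(array_keys($schema), $present);
echo $missing ? 'Missing: ' . implode(', ', $missing) : 'All tables present', PHP_EOL;
```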
