I have an HTML page through which I will be getting user input. I am taking those values and performing a query on my MySQL database. This is my PHP code which does so.

```php
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$username = "xxx";
$password = "xxx";

// Values taken directly from the submitted form
$A = $_POST['A'];
$B = strtoupper($_POST['B']);
$C = $_POST['C'];
$D = $_POST['D'];
$E = $_POST['E'];
$F = $_POST['F'];

try {
    // $A (user input) is used as the database name in the DSN
    $conn = new PDO('mysql:host=yyyy;dbname=' . $A, $username, $password);
    echo "Connected Successfully <br>";
} catch (PDOException $e) {
    print "ERROR! : " . $e->getMessage() . "<br/>";
    die();
}

// Five bound parameters; the last two arguments are fixed
$query = "call query(?,?,?,?,?,1,'filename.txt')";

$stmt = $conn->prepare($query);
// The return value of execute() is not checked
$stmt->execute(array($B, $C, $D, $E, $F));
?>
```

This code throws no errors, but the script is not doing the job it's supposed to do. If I go into the MySQL database and perform the query

```sql
call query(r_value,r_value,r_value,r_value,r_value,1,'filename.txt');
```

it creates a file with the filename and does the writing job perfectly. Using PHP the same result is not being achieved, but I am not seeing any errors thrown either.

The job of this query procedure is to perform some queries based on input and write the results onto an output file whose location is passed as a parameter. Thanks in advance.

Note: I also tried adding ';' in the $query but it made no difference.

Edit: when I am using a simple query instead of prepared statements it seems to work, but I am not willing to use simple statements because of SQL injection.

Comments:

  • note: question mark placeholders don't need quotes Commented Jul 5, 2016 at 7:42
  • also make sure your DB user has the correct permissions to use stored procedures. Commented Jul 5, 2016 at 7:43
  • Yes, you probably do not have the permissions for writing. Commented Jul 5, 2016 at 7:47
  • I'm not sure whether it's related or not but I had a few problems like this in the past and the answer was a different timezone while working with DB directly or through PHP. As a result, select statement returned something in one case and nothing in another for select statements based on conditions with date/time. Commented Jul 5, 2016 at 9:17
  • I specified the necessary timezone while instantiating a PDO object: array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET time_zone = \'+03:00\'') as a last parameter Commented Jul 5, 2016 at 9:22

1 Answer

It was a design mistake: the user input format was different from the format that was needed, causing the script to fail. Sorry for this mistake and if I wasted your time.
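
The failure mode discussed on this page (unexpected input format, no visible error) can be caught before the procedure runs. The following is an added example, not code from the question or the answer: it checks the form fields, restricts the database name that goes into the DSN, and makes PDO raise exceptions. The `ALLOWED_DATABASES` names and the format rule for fields B to F are assumptions for illustration; the host, procedure name and file name are those shown in the question.

```php
<?php
// Added example, not the asker's code. Host, procedure name and file name are
// from the question; ALLOWED_DATABASES and the format rule are assumptions.
declare(strict_types=1);

const ALLOWED_DATABASES = ['reports', 'archive']; // hypothetical names

function validateInput(array $post): array
{
    // The database name ends up in the DSN, so accept only known values.
    $db = $post['A'] ?? '';
    if (!in_array($db, ALLOWED_DATABASES, true)) {
        throw new InvalidArgumentException('unknown database');
    }
    // Assumed format: 1-32 letters, digits or "_" per procedure argument.
    $args = [];
    foreach (['B', 'C', 'D', 'E', 'F'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value) || preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $value) !== 1) {
            throw new InvalidArgumentException("field $key has an unexpected format");
        }
        $args[] = $key === 'B' ? strtoupper($value) : $value;
    }
    return [$db, $args];
}

function callProcedure(string $db, array $args, string $user, string $pass): void
{
    $conn = new PDO("mysql:host=yyyy;dbname=$db", $user, $pass, [
        // Before PHP 8 the default was ERRMODE_SILENT: a failed execute()
        // only returned false, and the original script never checks that.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $stmt = $conn->prepare("CALL query(?,?,?,?,?,1,'filename.txt')");
    $stmt->execute($args);
    $stmt->closeCursor();
}

// Constructed sample request: field C contains a space, so it is rejected
// before any database connection is attempted.
$sample = ['A' => 'reports', 'B' => 'ab1', 'C' => 'two words', 'D' => 'x', 'E' => 'y', 'F' => 'z'];
try {
    [$db, $args] = validateInput($sample);
    callProcedure($db, $args, 'xxx', 'xxx');
} catch (InvalidArgumentException | PDOException $e) {
    // Details go to the server log; the client sees only a generic message.
    error_log(get_class($e) . ': ' . $e->getMessage());
    echo "Request failed\n";
}
```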
