Re: PEAR MDB2 - Fatal error: Call to undefined function MDB2_Driver_mssql::getMessage()

Hi, thanks Erwin.

That's correct I fixed that and I also corrected the way I was reading
the error message for the $result object. But now I have a different
error. I'm trying to use a prepared query with SQL Server Express and
is not working. I'm getting this output(in error):

username: lll
An error occurred while trying to execute the following query:
select UserKey from [User] where UserName = ?
Error message: MDB2 Error: syntax error
A more detailed error description: _doQuery: [Error message: Could not
execute statement] [Last executed query: select UserKey from [User]
where UserName = ?] [Native code: 102] [Native message: Incorrect
syntax near '?'.]

From this piece of code:

// Check username and password
$result = false;
if ( isset($_POST['username']) && isset($_POST['password']) ) {
$username = $_POST['username'];
// $password = $_POST['password'];
echo "username: $username<br>\n";
//echo "password: $password<br>\n";

$result =& $dbh->query($WEBAPP_LOGIN_SQL, $username);

if (PEAR::isError($result)) {
echo "An error occurred while trying to execute the following
query:<br>\n";
echo "$WEBAPP_LOGIN_SQL<br>\n";
echo "Error message: " . $result->getMessage() . "<br>\n";
echo "A more detailed error description: " . $result-
getDebugInfo() . "<br>\n";
exit();
}
}

And the query in the global variable $WEBAPP_LOGIN_SQL is:

$WEBAPP_LOGIN_SQL = "select UserKey from [User] where UserName = ?";

So I'm thinking in appending strings to form my query (in the usual
unsafe way) and think of some regular expressions to filter out
keywords for any possible inyection attack (i.e. delete|insert|update|
etc...).


.

Relevant Pages

  • Re: CRecordset::Open error
    ... get way from the pain of MFC data access ... This resulted in the folling error message: ... This gave the same syntax error. ... term in your query that's not in your table. ...
    (microsoft.public.vc.mfc)
  • Re: Update with subquery
    ... >But I get syntax error. ... Hi Manish, ... I copied this statement to Query Analyzer, ... immediately before or after the statement indicated in the error message. ...
    (microsoft.public.sqlserver.clients)
  • Re: Question about LinQ (LinQ to Sql)
    ... If you have a syntax error in the LINQ ... query you will get the error message when you compile the code. ... You can use LINQ To Objects to query any kind of collection in memory. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Nested IIF Statement syntax(?) problem
    ... I got the same "Extra) in query" error message. ... doesn't have to be an IIF statement. ... On the second I get an "Syntax error in query expression" ...
    (microsoft.public.access.queries)
  • Re: How to have access generate a username and password?
    ... That took care of the error message, however, when I ... plugged in to a query, but I can't seem to get it to work. ... username: in a query put the following: lcase(userName: ... The password will contain the first letter of the first name ...
    (microsoft.public.access.gettingstarted)