fomalhaut
Member
- Messages
- 107
- Reaction score
- 0
- Points
- 16
Hello.
I try to use the quote function of PDO to escape a string issued from a form. The connection with the DB seems to be establish, but I've this message :
that's the function I use :
the script after that isn't executed because of the error.
That's the included DB_Connect.inc :
and the functions.php :
I don't understand why that doesn't work ! Fore, I used a mysql_real_escape_string with a mysql connection (out of PDO) but all the rest of my script's access to DB was written with PDO. I'd like to uniformize, using only one connection via my include file DB_Connect.inc !!!
Am I on the wrong way ?
Thank you for your help.
I try to use the quote function of PDO to escape a string issued from a form. The connection with the DB seems to be establish, but I've this message :
that's the function I use :
PHP:
include ('DB_Connect.inc');
include ('functions.php');
$ut = $_POST['utilisateur'];
$pa = safe($_POST['upass']);That's the included DB_Connect.inc :
PHP:
<?php
//on se connecte à la database
$db = DB_name;
$dbh = new PDO("mysql:host=localhost;dbname=$db", 'user', 'password');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
PHP:
<?php
// ce fichier est un include php
function safe($v) {
// return mysql_real_escape_string($var);
$ret = $dbh->quote($v);
return $ret;
}
?>Am I on the wrong way ?
Thank you for your help.