How can I fix this syntax error - CodingForum

  • How can I fix this syntax error

    Hi, I am getting a syntax error at this line. How can I fix it?
    .......<?php?>.........

    Code:
       
    
    this is my code
    
        <?php
        
        try {
            $db = new PDO("mysql:host=localhost;dbname=vt", "root", "", array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
        
        } catch (PDOException $ex) {
            $ex->getMessage();
        
        }
        $islem = $_GET["islem"];
        switch ($islem) {
            case "hakkimda":
                break;
            case "iletisim":
                break;
            default:
                $v=$db->prepare("select * from konular");
                $v->execute(array());
                $x=$v->fetchAll();
                foreach ($x as $m){
                <?php?>
        
                }
        
             break;
        }
        
        
        ?>

  • #2
    What on earth is the code supposed to do anyway? When you already are in PHP mode, trying to get into PHP mode makes no sense.

    The code has plenty of other problems
    • Never change the connection encoding with a SET NAMES query. This can lead to SQL injection vulnerabilities. Always use the charset attribute in the DSN string.
    • Don't catch exceptions unless you know what you're doing. Printing the exception message on the screen makes zero sense and is potentially dangerous.
    • As I've already said in your previous thread, a prepared statement with zero parameters makes no sense. Use the query() method. Use the query() method. Use the query() method.
    • Don't use SELECT *. Always select specific columns.
    • No need to fetchAll(). Just iterate directly over the statement.


    • #3
      Originally posted by Jacques1
      As I've already said in your previous thread, a prepared statement with zero parameters makes no sense.
      The main purpose for prepare statements is for when you are going to retrieve the same query multiple times. A prepare statement with zero parameters makes as much or more sense for that use than where you need to bind values to the SQL as the fewer the parameters the more efficient the prepare step can be.

      Using prepare to keep code and data separate is a side effect of how it works and is not its main purpose.
      Stephen
      Learn Modern JavaScript - http://javascriptexample.net/
      Helping others to solve their computer problem at http://www.felgall.com/

      Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


      • #4
        Nonsense.

        First off, I don't see the OP reuse the query anywhere in the code, so we're, again, talking about hypotheticals. Secondly, “more efficient” doesn't mean anything. Efficient in what sense? To which extent? With which data?

        At the same time, using prepared statements to prevent security vulnerabilities and software defects is a real, actual, demonstrable benefit. So this is not only the main purpose. It may in fact be the only purpose in practice.

        Fun fact: PDO::query() actually creates a prepared statement internally, so replacing this one line of code with two lines of code for PDO::prepare() and PDOStatement::execute() to be “more efficient” makes exactly zero sense.


        • #5
          Originally posted by Jacques1
          Fun fact: PDO::query() actually creates a prepared statement internally, so replacing this one line of code with two lines of code for PDO::prepare() and PDOStatement::execute() to be “more efficient” makes exactly zero sense.
          So that means there's no actual reason to use prepare with PDO as the system will convert all the queries to prepare for you.
          Stephen
          Learn Modern JavaScript - http://javascriptexample.net/
          Helping others to solve their computer problem at http://www.felgall.com/

          Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.


          • #6
            No. Or at least your conclusion is oddly phrased.

            When you have external input, you do use explicit prepared statements. But when you have a static query, you just use PDO::query().

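
The points raised in #2 and #6, applied to the original snippet as an added example (not code from any poster in this thread). The columns `id` and `baslik` and the function names are assumptions, since the thread only names the table `konular`; the demo rows are constructed and live in an in-memory SQLite database so the script runs without a MySQL server.

```php
<?php
// Added example, not the poster's code. Columns `id`/`baslik` and all
// function names are assumptions; the thread only names the table `konular`.

function connect(): PDO
{
    // Encoding is set through the DSN charset attribute, not SET NAMES.
    // No try/catch: with ERRMODE_EXCEPTION a failure stops the script and
    // goes through PHP's normal error handling instead of being echoed.
    return new PDO('mysql:host=localhost;dbname=vt;charset=utf8mb4', 'root', '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Static query, no external input: PDO::query() and explicit columns.
function listTopics(PDO $db): array
{
    $topics = [];
    // A PDOStatement is traversable, so no fetchAll() is needed here.
    foreach ($db->query('SELECT id, baslik FROM konular ORDER BY id', PDO::FETCH_ASSOC) as $row) {
        $topics[(int) $row['id']] = $row['baslik'];
    }
    return $topics;
}

// External input: explicit prepared statement, value bound as data.
function findByTitle(PDO $db, string $title): array
{
    $stmt = $db->prepare('SELECT id, baslik FROM konular WHERE baslik = ?');
    $stmt->execute([$title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in in-memory SQLite so this runs without a server;
// call connect() instead to use the MySQL database from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE konular (id INTEGER PRIMARY KEY, baslik TEXT)');
$db->exec("INSERT INTO konular (baslik) VALUES ('PHP'), ('PDO')");

foreach (listTopics($db) as $id => $title) {
    // The loop body stays in PHP mode (no nested opening tag); escape on output.
    echo $id, ': ', htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "\n";
}
var_dump(count(findByTitle($db, 'PDO')));            // exact title lookup
var_dump(count(findByTitle($db, "PDO' OR '1'='1"))); // the quote is bound as data, not parsed as SQL
```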