A prepare will return false on error, with the error itself in the dbh object. See the docs at http://us.php.net/manual/en/pdo.errorinfo.php

On Thu, Aug 27, 2009 at 11:39 AM, Osullivan L. <L.Osullivan@swansea.ac.uk> wrote:
Hi Till,

Thanks for the e-mail.

I tried your suggestion and it returned no PDO error but failed to authenticate with Voyager for all users and not just those with apostrophes in their name.

It is frustrating that prepare() doesn't throw an error as it's difficult to look further into the matter.

Kind Regards,

Luke


-----Original Message-----
From: Till Kinstler [mailto:kinstler@gbv.de]
Sent: 27 August 2009 15:07
To: Osullivan L.; vufind-tech@lists.sourceforge.net
Subject: Re: [VuFind-Tech] Users with Apostrophes

Osullivan L. schrieb:

> I was under the assumption that the prepare method for PDO made all the necessary changes to the sql statement for escaping apostrophes.

That's how I understand PDO::prepare(), too. Though I am not sure if
that works the way it is used in Voyager::patronLogin().
Maybe try
$sql = "SELECT PATRON.PATRON_ID FROM $this->dbName.PATRON,
$this->dbName.PATRON_BARCODE " .
"WHERE PATRON.PATRON_ID = PATRON_BARCODE.PATRON_ID AND " .
"PATRON.LAST_NAME = ':lname' AND PATRON_BARCODE.PATRON_BARCODE =
':barcode'";

and replace $sqlStmt->execute(); by

$sqlStmt->execute(array(':lname' => $lname, ':barcode' => $barcode));

We have no Voyager (we are running VuFind with no ILS in the background
at all), so I can't test this.

> The problem occurs in the Voyager driver file in the PatronLogin function and states "Call to a member function execute() on a non-object".

I think, the glitch happens even before prepare($sql) is called, because
you'll have
.. PATRON.LAST_NAME = 'O'Sullivan' AND ... in $sql. I guess prepare()
refuses that as valid parameter...
So there is no $sqlStmt object after the failing call of
$this->db->prepare($sql) and consequently no execute() method to call on
that. But irritating that the failed call of $this->db->prepare($sql)
doesn't break execution of further code. PDO::prepare throws an
exception if it fails...

That's all only my uneducated guess because I can't test it. But I think
it has something to do with the way PDO::prepare() is used here.

Till

--
Till Kinstler
Verbundzentrale des Gemeinsamen Bibliotheksverbundes (VZG)
Platz der Göttinger Sieben 1, D 37073 Göttingen
kinstler@gbv.de, +49 (0) 551 39-13431, http://www.gbv.de

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Vufind-tech mailing list
Vufind-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vufind-tech

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Vufind-tech mailing list
Vufind-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vufind-tech



--
Bill Dueber
Library Systems Programmer
University of Michigan Library