Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion error when trying to config database.php to use PDO
error when trying to config database.php to use PDO
  • El Forum
    Unregistered
  •  
#3
06-17-2012, 11:46 AM

[eluser]Govinda[/eluser]
Sweden,
thanks for trying to help here!

When I change that config. item to what worked for you, i.e.:
Code:
$db['local_dev']['hostname'] = 'mysql:localhost';

...then I get an even longer error:

Quote:A PHP Error was encountered

Severity: Warning

Message: PDO::__construct() [pdo.--construct]: [2002] No such file or directory (trying to connect via unix:///var/mysql/mysql.sock)

Filename: pdo/pdo_driver.php

Line Number: 114

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] No such file or directory' in
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php:114 Stack trace: #0
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php(114): PDO->__construct('mysql:localhost...', 'root', '', Array) #1
/Library/WebServer/Documents/system/database/DB_driver.php(115): CI_DB_pdo_driver->db_pconnect() #2
/Library/WebServer/Documents/system/database/DB.php(148): CI_DB_driver->initialize() #3
/Library/WebServer/Documents/system/core/Loader.php(346): DB('', NULL) #4
/Library/WebServer/Documents/system/core/Loader.php(1171): CI_Loader->database() #5
/Library/WebServer/Documents/system/core/Loader.php(152): CI_Loader->_ci_autoloader() #6
/Library/WebServer/Documents/ in
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php on line 114

Notice before, when I had it set like so:
Code:
$db['default']['hostname'] = 'localhost:/tmp/mysql.sock';

...then at least there was not that first error about
Quote:No such file or directory
.

Did you ever have it working with the mysql driver instead of PDO? In other words, did you ever have this config item set like so:
Code:
$db['default']['dbdriver'] = 'mysql';
?

If you did successfully try/use the mysql driver before, then what was your
Code:
$db['default']['hostname']
then?
When I use the mysql driver, then I have to set hostname like this:
Code:
$db['default']['hostname'] = 'localhost:/tmp/mysql.sock';

Your answer may give enough clue/insight to figure this out.

I feel silly, because I am sure the issue is simple for experts who actually run mysql servers for a living ;-)
Or is the issue having to do with CI code? If so, then how could CI 2.1.0 (or 2.1.1) even be released?

------------------------------------------------------------------------------------------------------------------------------------------------

On the topic of security, I would really like to get to the bottom of the whole discussion. I have read so many threads where it is evident to me that very few really know the true situation. I am just learning, but AFAICT; I *think*, the topic boils down to these points (in my own words):

1.) Code Igniter, all along, has been using mysql_real_escape_string() to protect against SQL injection. Even CI's "Query Bindings", despite their appearance, and Active Record, essentially *rely on* mysql_real_escape_string(). Someone please correct me if I am wrong. I am new enough to OOP to be daunted to reverse engineer CI's classes to prove definitive answers to myself, one way or the other.

2.) Many people feel that escaping is not really safe anymore. E.g.:
http://marc.info/?l=php-general&m=131603743606025&w=2
...and they yell at everyone who still uses escaping. But it is ironic because countless apps/libraries/professionals still *reliably/successfully* rely on escaping for protection, everyday. If done right, escaping still works, despite the hype against it. Someone please correct me if I am wrong (please demo a hack that gets around *properly use of* mysql_real_escape_string().

Now with the PDO driver we have the possibility to use PDO, but (and here I do not really know, but am just guessing by what I have seen other newbie's write) - CI's implementation of PDO does not yet allow use of prepare/Execute ... and so misses the chance to take advantage of the reason that PDO is so attractive to the experts who warn against relying on escaping, in the first place.

But what you wrote show you using prepare/Execute, right? So then why do others say it is not possible yet? And why did you say/confirm that,
Quote:...its useless to use PDO without prepare/execute ... because you gain no extra security
?? ...when you ARE using prepare/execute?

Also, is your example:
Code:
$sth = $this->db->conn_id->prepare("SELECT * FROM tbl_movies");
$sth->execute(array("Harry%Potter"));
...really complete? Aren't you missing the placeholder? ..where "Harry%Potter" gets inserted into the statement?

Thanks for any feedback


Messages In This Thread
error when trying to config database.php to use PDO - by El Forum - 06-16-2012, 08:06 PM
error when trying to config database.php to use PDO - by El Forum - 06-17-2012, 09:28 AM
error when trying to config database.php to use PDO - by El Forum - 06-17-2012, 11:46 AM
error when trying to config database.php to use PDO - by El Forum - 06-19-2012, 01:02 AM
error when trying to config database.php to use PDO - by El Forum - 06-20-2012, 05:55 AM
error when trying to config database.php to use PDO - by El Forum - 06-20-2012, 05:56 PM
error when trying to config database.php to use PDO - by El Forum - 08-19-2012, 12:43 AM
error when trying to config database.php to use PDO - by El Forum - 08-19-2012, 12:46 AM



Theme © iAndrew 2016 - Forum software by © MyBB