Select Git revision
school-01.php
Forked from
Peter Gerwinski / Datenbanken und Datensicherheit
Source project has a limited visibility.
school-01.php 1.40 KiB
<html>
<body>
<?php
try
{
$db = new PDO ('pgsql: host = localhost; dbname = testdb; user = dbs; password = 1234');
}
catch (\PDOException $e)
{
echo '<p>';
echo $e->getMessage();
echo '</p>';
echo '<p>';
exit ('cannot connect to database');
echo '</p>';
}
$db->exec ('INSERT INTO students (first_name, family_name) VALUES ( '
.$_POST["first_name"].', '.$_POST["familty_name"]
.' );');
$stmt = $db->query ('SELECT * FROM student;');
echo '<table><tr>';
while ($row = $stmt->fetch())
{
echo '<tr><td>';
echo $row['id'];
echo '</td><td>';
echo $row['first_name'];
echo '</td><td>';
echo $row['family_name'];
echo '</td></tr>';
}
echo '</tr></table>';
?>
</body>
</html>
<!-- Aus den Log-Dateien des Web-Servers:
[Thu Dec 07 12:50:06.952167 2023] [php:error] [pid 163970] [client ::1:52394]
PHP Fatal error: Uncaught PDOException: SQLSTATE[42601]: Syntax error: 7
FEHLER: Syntaxfehler bei \xc2\xbb)\xc2\xab\nLINE 1: ... INTO students
(first_name, family_name) VALUES ( Peter, );\n
^ in /var/www/dbs/school-01.php:17\nStack trace:\n#0
/var/www/dbs/school-01.php(17): PDO->exec()\n#1 {main}\n thrown in
/var/www/dbs/school-01.php on line 17