This question already has answers here:
Method not found in class
(5 answers)
Closed 4 years ago.
I have several cases in Yii2 where the code analysis of PhpStorm will show that it can not find a method, even if these methods are Yii2 own methods.
$collection = Yii::$app->mongodb->getCollection('customer');
$collection->insert(['name' => 'John Smith', 'status' => 1]);
This is a standard example from the Yii2 documentation for mongoDB. But it shows this error:
Method 'insert' not found in (more...)
Please note that it does not state anything after " ... in ..." so I think it does not know at all which class is used at all.
Is there something I tell PhpStorm which class this is? Like via the PHPDoc or something?
The right hint came from Muhammad Omer Aslam in the comments to the original question.
I just needed to add this lphpDoc line just before the use of the insert.
/* #var $collection \Yii\MongoDb\Collection */
Then it will recognise the class used and throws no errors.
Thanks everybody for helping.
Related
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
$s = "Update member_date" [snip]
$p = $pdo->prepare($s, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$p->execute();
Is that considered a "prepared" statement to justify being secure from SQL injection-type attacks?
UPDATE:
$member_id= htmlspecialchars($_GET['member_id']);
s1 = "
update member_date
set member_date= now()
where member_id= $member_id";
OVERALL QUESTION: "Is this how I should format all my new SQL-related code? I'm just finally making the switch from old mysql statements after reading my (new) error logs. Do I need to add in the question mark placeholders for strings and such or is the format how I have it at the first line of code ok for security purposes? I know the SQL I need to get the tasks accomplished just not the PDO security parts."
No. You are not using a prepared statement as intended. What you should do is add your $id as a paramater, and so separate your content (id) from your code (sql).
While you can do safe SQL with filtering yourself, the absolute best way is to, as you put it:
add in the question mark placeholders for strings and such
You can say "this needs to be an int, and then it will never be something scary like a " or some code that does magic with your query.
PDO is the best way to avoid sql injection that may attack the server. The code looks fine though. But PHP PDO is the absolute right way to avoid sql injection.
This question already has answers here:
"Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP
(29 answers)
Closed 6 years ago.
I'm attempting to make a column be included only if the ID of the column is in the web address. But it's not returning the data. Any suggestions?
This is what my code looks like
$sql="SELECT * FROM orders WHERE `orders`.`id`= '$form_id'";
$order_data=mysql_query($sql);
$form_id=$_GET['id'];
If anyone has any suggestions, please let me know.
You may use this
$form_id=$_GET['id'];
$sql="SELECT * FROM orders WHERE `orders`.`id`= '$form_id'";
$order_data=mysql_query($sql);
Hopefully this will solve your problem
This question already has an answer here:
How can i use Yii.ActiveRecord to find unrelated records?
(1 answer)
Closed 10 years ago.
I am using Yii in the development of an internal administration system for a company. I have created a model Jobs, and this model have relations to the model Quotes of type HAS_MANY. The relation name is quotes. Now i need to select all rows (the model Jobs uses the MySQL table jobs as it's source) where each job has exactly 0 quotes associated with it. I thought that i would add this as a scope in the model. How do i accomplish this?
in model add:
public function scopes() {
return array(
'withoutQuotes'=>array(
'with'=>'quotes',
'condition'=>'quotes.id is null',
),
);
}
and then use
$model->withoutQuotes()->search() //etc
I'm using Silex as well as Doctrine. It's worked great for me for everything until I needed to bindValue for a LIMIT value. PDO's default behavior is to insert quotes around the number, which is obviously not workable. So, the solution is to set the data_type parameter. Unfortunately, it throws an error.
My Code
$start_num = 3;
$stmt = $app['db']->prepare('SELECT * FROM myTable LIMIT ?,10');
$stmt->bindValue(1, $start_num, PDO::PARAM_INT);
The Error
Fatal error: Class 'Silex\Provider\PDO' not found in ...
Most answers I've found regarding this issue say that it's a telltale sign of PDO not being compiled/enabled, however I've been using Doctrine (which relies on PDO?) successfully for a while with no problem.
Is this an issue with Doctrine? Is there something I'm doing wrong with my code?
This is a namespacing issue, if this code is in a class under the Silex\Provider namespace
Try
\PDO::PARAM_INT
I'm giving my users the ability to create their own MySQL queries. Don't worry, I'm taking all the sql injection etc into account.
What I am wanting to do is validate the parentheses they use while creating their query...
So lets say they their query looks like this:
$string = '1 AND (2 OR 3) AND (4 AND (5 OR 6)';
See how they didn't close the open parenthesis before the number 4? Is there any regex I could run on this to validate any open or closed parentheses that haven't been added correctly?
I've been playing and searching everywhere but I have no idea how to make this work.
Thanks #Jayantha! Here's the solution I found from clicking your link:
$string = '1 AND (2 OR 3) AND (4 AND (5 OR 6)';
if (!preg_match("/^((?:[^()]|\((?1)\))*+)$/", $string, $matches))
echo 'Your parentheses are wrong!';