php/pdo/msql - access denied

Question

There is a little pdo problem, that I have been working on for a while now. Since I don't know what is wrong here, I thought about taking it to this list. Maybe some of you know more...

I have a website with a login that checks a user and a password against a mysql driven database. When the pdo connection is made in the same file all works fine, one can log in, without any problems. Just as it is supposed to work...

However, when moving the database connection part to a seperate function, which I include from another file, pdo fails on me, and gives me:

SQLSTATE[28000] [1045] Access denied for user '...'@'...' (using password: NO) Fatal error: Call to a member function prepare() on a non-object in /.../.../... on line 41

For the sake of clarity, here is the code:

Version 1:

This works:

<?php
    require "./vars_and_functions.php";

    /* open database connection */
    try {
    $pdo = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);

    /* query */
    $query = "SELECT uname, passw FROM members WHERE uname = ? AND passw = ?";
    $q = $pdo->prepare($query);
    $q->execute(array($u_name, $p_word_md5));
    $result = $q->rowCount();

    if($result == 1) { /* we have a match */                       
    /* close the database connection */
               $pdo = null;  

                /* and redirect */
                header("...");

    } /* if */
    else { /* wrong credentials */
        /* close the database connection */                
                $pdo = null;

                /* and go back to the login page */ 
        header("...");
    } /* else */
        } /* try */ 
    catch(PDOException $e) {  
        echo $e->getMessage();  
    } /* catch */
?>

Here is version 2

This does not work:

<?php
        require "./vars_and_functions.php";

        /* open database connection */
        $pdo = database_connection();



    /* query */
            $query = "SELECT uname, passw FROM members WHERE uname = ? AND passw = ?";
            $q = $pdo->prepare($query);
            $q->execute(array($u_name, $p_word_md5));
            $result = $q->rowCount();

        if($result == 1) { /* we have a match */                       
               /* close the database connection */
                   $pdo = null;  

                    /* and redirect */
                    header("...");

        } /* if */
        else { /* wrong credentials */
            /* close the database connection */                
                    $pdo = null;

                    /* and go back to the login page */ 
            header("...");
        } /* else */
            } /* try */ 
    catch(PDOException $e) {  
        echo $e->getMessage();  
    } /* catch */
?>

My includefile vars_and_functions.php looks like this:

$db_host = "...";       
$db_name = "...";           
$db_user = "...";       
$db_pass = "...";       

function database_connection() {
    try {
    $pdo = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);
}  
catch(PDOException $e) {  
    echo $e->getMessage();  
}  

return $pdo;
}

The only real difference to my mind is that here, the pdo connection is made via a function call, whereas the function sits in the include file vars_and_functions.php.

What's wrong here?

Answer 1

Your function database_connection() doesn't receive the connection variables in the correct scope, so they are not set when the connection is attempted and therefore passed as NULL, and PDO defaults the connection host to localhost.

Pass them as parameters to the function:

// Defined at global scope...
$db_host = "...";       
$db_name = "...";           
$db_user = "...";       
$db_pass = "...";       

// Pass the 4 variables as parameters to the function, since they were defined at global
// scope.
function database_connection($db_host, $db_name, $db_user, $db_pass) {
    try {
    $pdo = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);
}  

// Called as:
$pdo = database_connection($db_host, $db_name, $db_user, $db_pass);

If you are only using those variables inside the connection function and don't need them elsewhere, consider defining them in scope of the function, which saves you passing them as parameters.

function database_connection() {
    // Only needed here, so define in function scope
    $db_host = "...";       
    $db_name = "...";           
    $db_user = "...";       
    $db_pass = "...";       

    try {
    $pdo = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);
}  

The final and often least desirable option is to define the variables at global scope as you have done, but access them via $GLOBALS[] (or the global keyword) in the function:

function database_connection() {
    try {
    $pdo = new PDO("mysql:host={$GLOBALS['db_host']};dbname={$GLOBALS['db_name']}", $GLOBALS['db_user'], $GLOBALS['db_pass']);
} 

Note that if you are developing with error_reporting turned on and display_errors as you should be, you would see notices about undefined variables.

error_reporting(E_ALL);
ini_set('display_errors', 1);