I'm fairly new to MySQL and PHP, so bear with me. After some research, I found out...much to my distress...that apparently my site is hosted on a Windows server (by default) on GoDaddy which doesn't support PDO.
I just recently switched all database calls to use prepared statements through recommendation from another question I posted. I now find out that these aren't running and I'm getting a nasty error:
Fatal error: Uncaught exception 'PDOException' with message 'could not find driver' in D:\Hosting\8446415\html\ROOTFOLDER\php\Connect.php:8
Stack trace: #0 D:\Hosting\8446415\html\ROOTFOLDER\php\Connect.php(8): PDO->__construct('mysql:host=HOSTNAME', 'DBNAME', 'PASSWORD')
#1 D:\Hosting\8446415\html\ROOTFOLDER\admin.php(67): Connect->connect()
#2 {main} thrown in D:\Hosting\8446415\html\ROOTFOLDER\php\Connect.php on line 8
Here is Connect.php:
<?php
class Connect {
const expAddress = "HOSTNAME";
const expUser = "USERNAME";
const expPwd = "PASSWORD";
function connect() {
$db = new PDO('mysql:host='.self::expAddress.';dbname='.self::expUser.';charset=UTF-8', self::expUser, self::expPwd);
if(!$db) {
die("<p>Could not establish a connection to the database.</p>");
include('footer.php');
}
else {
return $db;
}
}
}
?>
So what is the fix here? I don't know what is supported, and I was told to shy away from all mysql_* statements.
I cannot upgrade my hosting account to Linux, even though that would be easiest. Do I need to use mysqli_* statements? How would this particular call change so that the input is safe from injection?
$stmt = $db->prepare("SELECT * FROM logins WHERE username=? AND password=?");
$stmt->execute(array($user, $pass));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);