code = $mycode; } function pop() { return $this->lookup("pop"); } function area() { return $this->lookup("area"); } function pop_density() { return $this->pop() / $this->area(); } function lookup($item) { try { global $username, $pw; $dbh = new PDO('mysql:host=localhost;dbname=nations', $username, $pw); # Why is this not an SQL injection attack? $stmt = $dbh->prepare("SELECT $item FROM nations where code = ' $this->code'"); if ($stmt->execute()) { $row = $stmt->fetch(); print_r($row); return $row[0] ; } die("Some sort of DB error"); # $dbh = null; Not needed! } catch (Exception $e) { print "Error!: " . $e->getMessage() . "
"; die("Database thing: $e->getMessage()"); } } } ?>