I am using namecheap hosting with their database of course. I am using PDO in order to insert the data.
$uid = $db->lastInsertId();
$insertColors = $db->prepare('INSERT INTO user_colors (user) VALUES (?)');
$insertColors->bindValue(1, $uid, PDO::PARAM_INT);
$insertColors->execute();
each time a user signs up to my website they are assigned an ID through here.
The errors I've gotten lead me back to this line of code (above all the other code)
$insert->execute();
line 114
heres the rest of that code.
$insert = $db->prepare('INSERT INTO users (username, `password`, email, ip, bday, bmonth, byear, timelastseen, timeregistered) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$insert->bindValue(1, $username, PDO::PARAM_STR);
$insert->bindValue(2, password_hash($password, PASSWORD_BCRYPT), PDO::PARAM_STR);
$insert->bindValue(3, $email, PDO::PARAM_STR);
$insert->bindValue(4, $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
$insert->bindValue(5, substr($_POST['bdate'], 1, 1), PDO::PARAM_INT);
$insert->bindValue(6, substr($_POST['bdate'], 3, 3), PDO::PARAM_INT);
$insert->bindValue(7, substr($_POST['bdate'], 6, 7), PDO::PARAM_INT);
$insert->bindValue(8, time(), PDO::PARAM_INT);
$insert->bindValue(9, time(), PDO::PARAM_INT);
$insert->execute();
Related
I am trying to use prepared statements as a best practice but I keep getting these errors.
1) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES (?, ?, ?, ?, ?,?, ?, ?, ?, ?)'
2) Undefined index: finalExamGrade in C:\wamp64 (this goes for all the superglobal variables)
3) Fatal error: Call to a member function bind_param() on boolean in C:\wamp64\
Any fixes? Ideas?
PHP/MySQL
require_once("DBCONNECT.php");
$id = $_REQUEST['studentID'];
$last = $_REQUEST['lastName'];
$first = $_REQUEST['firstName'];
$grade1 = $_REQUEST['test1Grade'];
$grade2 = $_REQUEST['test2Grade'];
$grade3 = $_REQUEST['test3Grade'];
$grade4 = $_REQUEST['test4Grade'];
$final = $_REQUEST['finalExamGrade'];
$stmt = $connect->prepare("SELECT * FROM students) VALUES (?, ?, ?, ?, ?,?, ?)");
$stmt->bind_param("issiiiii", $id, $last, $first, $grade1, $grade2, $grade3, $grade4, $final);
$stmt->execute();
var_dump($id, $last, $first, $grade1, $grade2, $grade3, $grade4, $final);
$stmt->close();
$connect->close();
$stmt = $connect->prepare("SELECT * FROM students) VALUES (?, ?, ?, ?, ?,?, ?)");
The above code is the root of all of your problem.
You use SELECT to insert data. It should be INSERT.
There is an extra bracket after students table.
The total parameters doesn't match with the bind_param one. There are 7 ?
in your code when you want to store 8 variables.
Change into this code
$stmt = $connect->prepare("INSERT INTO students(col1, col2, col3, col4, col5, col6, col7, col8) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("issiiiii", $id, $last, $first, $grade1, $grade2, $grade3, $grade4, $final);
I don't explain this code any further because it has been discussed on comments.
I am switching from mysqli syntax to PDO and having some doubts:
Before I used this (example of binding int, string, decimal values):
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, id, value) VALUES (?, ?, ?)");
$stmt->bind_param("sid", $firstname, $id, $value);
$stmt->execute();
With PDO I should use this: (here param decimal already doesnt exist, not to mention that I have to write multiple lines for binging)
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, id, value) VALUES (?, ?, ?)");
$stmt->bindParam(1, $firstname, PDO::PARAM_STR);
$stmt->bindParam(2, $id, PDO::PARAM_INT);
$stmt->bindParam(3, $value, PDO::PARAM_STR);//no decimal type!
$stmt->execute();
Should I just 'forget' about types and do this?
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, id, value) VALUES (?, ?, ?)");
$stmt->execute([$firstname, $id, $value]);
How can int and decimal fail in this situation?
Yes, most of time you should.
There are only few extremely rare cases where you would have to fall bфck to separate binding. While for the both INT and DECIMAL string binding is all right.
Note that for the decimal type you should be using "s" in mysqli as well.
I have to register a costumer and/or a manager into the database. I just have one form for the information, the only difference is the ID number (valid for managers). The costumers should leave this form blank. I was trying to save the data just using an if statement (If it is blank, save the information in costumer table. If it is not, save in manager). I have not seen this on my classes so I am not sure if it is possible.
Is it possible to use an if statement to insert data? What I mean is, I have two different tables but just one form (one of the forms will make the difference for which table the data will be saved.
The data in the manager table is ok, but when I try to insert data into costumer it is not working. I am not sure that I can use this.
if($_SESSION['id'] != null){
$sql = "INSERT INTO manager (id,magname,maglname,maguser,magpass) VALUES (?, ?, ?, ?, ?);";
$sth = $DBH->prepare($sql);
$sth->bindParam(1, $_SESSION['id'], PDO::PARAM_INT);
$sth->bindParam(2, $_SESSION['firstname'], PDO::PARAM_INT);
$sth->bindParam(3, $_SESSION['secondname'], PDO::PARAM_INT);
$sth->bindParam(4, $_SESSION['username'], PDO::PARAM_INT);
$sth->bindParam(5, $_SESSION['password'], PDO::PARAM_INT);
$sth->execute();
}
if(empty($_SESSION['id']){
$sql = "INSERT INTO costumer (fisrtname,lastname,username,password) VALUES (?, ?, ?, ?);";
$sth = $DBH->prepare($sql);
$sth->bindParam(1, $_SESSION['firstname'], PDO::PARAM_INT);
$sth->bindParam(2, $_SESSION['lastname'], PDO::PARAM_INT);
$sth->bindParam(3, $_SESSION['username'], PDO::PARAM_INT);
$sth->bindParam(4, $_SESSION['password'], PDO::PARAM_INT);
$sth->execute();
}
you can do it directly through following code
if(isset($_SESSION['id']))
$sql = "INSERT INTO `manager`..."
else
$sql = "INSERT INTO `customer`..."
or something like this
if(!empty($_SESSION['id']))
{ $sql = "INSERT INTO `manager`..."}
else
{ $sql = "INSERT INTO `customer`..."}
I am working with sqlite for the first time.
Preparing a query string like
$articleInsertQuery = "INSERT INTO Articles VALUES (?, ?, ?, ?, ?)", ($i, $title, $content, $date, 93,);
It returns "Parse error". I also tried without passing parametrized query like
$articleInsertQuery = "INSERT INTO Articles VALUES ($i, $title, $content, $date, 93)";
ANd getting "Unable to prepare statement: 1, unrecognized token: ":" "
Any idea where I am doing wrong?
#arnoldIf you are using PDO for that.
The way to prepare and execute your query would be as follows.
$dbObject = new PDO('sqlite:sqlitedb');// NEW LINE
$articleInsertQuery = "INSERT INTO Articles VALUES (?, ?, ?, ?, ?)";
$query = $dbObject->prepare($articleInsertQuery);
$query->execute(array($i, $title, $content, $date, 93));
EDIT:
See sqlite3 prepare.
$articleInsertQuery = "INSERT INTO Articles VALUES (:i, :title, :content, :date, :int)";
$query = $dbObject->prepare($articleInsertQuery);
$query->bindValue(':i', $i, SQLITE3_INTEGER);
$query->bindValue(':title', $title, SQLITE3_TEXT);
$query->bindValue(':content', $content, SQLITE3_TEXT);
$query->bindValue(':date', $date, SQLITE3_TEXT);
$query->bindValue(':int', 93, SQLITE3_INTEGER);
$result = $query->execute();
Hope this helps.
I have a User class and I'm wondering what would be the "most recommended" way to handle insertions?
Option 1: Use an existing object
// insert a new user and return the user id
public function insert() {
$sql = "INSERT INTO users (username, password, email, avatar, subscribe, created, last_login, valid) VALUES
(?, ?, ?, ?, ?, ?, ?, ?)";
$sth = $this->db->prepare($sql);
$sth->bindParam(1, $this->username, PDO::PARAM_STR);
$sth->bindParam(2, $this->password, PDO::PARAM_STR);
$sth->bindParam(3, $this->email, PDO::PARAM_STR);
$sth->bindParam(4, $this->avatar, PDO::PARAM_STR);
$sth->bindParam(5, $this->subscribe, PDO::PARAM_STR);
$sth->bindParam(6, $this->created, PDO::PARAM_STR);
$sth->bindParam(7, $this->last_login, PDO::PARAM_STR);
$sth->bindParam(8, $this->valid, PDO::PARAM_STR);
$sth->execute();
return $this->db->lastInsertId();
}
Option 2: Pass the information in as an array
// insert a new user and return the user id
public function insert(array $fields = array()) {
if(!empty($fields)) {
$sql = "INSERT INTO users (username, password, email, avatar, subscribe, created, last_login, valid) VALUES
(:username, :password, :email, :avatar, :subscribe, :created, :last_login, :valid)";
$sth = $this->db->prepare($sql);
$sth->execute($fields);
return $this->db->lastInsertId();
}
}
Another option? Does it make any difference?
Both ways are okay but personally I suggest second option