So I'm building a website where you can buy tickets etc. So I want to have a login system. I started building the website and started with the PHP code to sign in, but I always get the error Array?? It does work when I only want to insert a variable email and the rest plain text.
I've spent a whole week trying different methods etc. But I don't get why it doesn't work.
I even get the same error when I use constants instead of POST variables...
CREATE TABLE Users(
userId SERIAL,
email VARCHAR(40) NOT NULL,
password VARCHAR(30) NOT NULL,
firstName VARCHAR(20) NOT NULL,
lastName VARCHAR(20) NOT NULL,
age INT NOT NULL,
organizer BOOLEAN NOT NULL,
region VARCHAR(30),
favouriteGenre VARCHAR(15),
description VARCHAR(200),
PRIMARY KEY(userId)
);
<?php
require 'globals.php';
try {
$db_conn = new PDO("pgsql:host=$db_host;dbname=$db_name", $db_user, $db_password);
} catch (PDOException $e) {
die("Error: ".$e->getMessage()."\n");
}
$email = $_POST['email'];
$password = $_POST['password'];
$pwdConfirm = $_POST['confirm'];
$firsName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$age = $_POST['age'];
$rol = $_POST['rol'];
$region = $_POST['region'];
$favGenre = $_POST['favGenre'];
$description = $_POST['description'];
//TODO inputChecks
$query = $db_conn->prepare('INSERT INTO users (email, password, firstName, lastName, age, organizer)
VALUES (:email, :password, :firstName, :lastName, :age, :organizer)');
$query->bindParam(':email', $email, PDO::PARAM_STR, 40);
$query->bindParam(':password', $password, PDO::PARAM_STR, 30);
$query->bindParam(':firstName', $firstName, PDO::PARAM_STR, 20);
$query->bindParam(':lastName', $lastName, PDO::PARAM_STR, 20);
$query->bindParam(':age', $age, PDO::PARAM_INT);
$query->bindParam(':organizer', $firstName, PDO::PARAM_BOOL);
if ($query->execute()) {
echo "success!";
} else {
die("Execute query error: ".$db_conn->errorInfo());
}
$db_conn = NULL;
I expect it to insert it into the database and not give an error anymore.
Try this
$query = $db_conn->prepare('INSERT INTO users (email, password, firstName, lastName, age, organizer,region, favouriteGenre, description)
VALUES (:email, :password, :firstName, :lastName, :age, :organizer, :region, :favouriteGenre, :description)');
$query->bindParam(':email', $email, PDO::PARAM_STR, 40);
$query->bindParam(':password', $pwd, PDO::PARAM_STR, 30);
$query->bindParam(':firstName', $firstName, PDO::PARAM_STR, 20);
$query->bindParam(':lastName', $lastName, PDO::PARAM_STR, 20);
$query->bindParam(':age', $age, PDO::PARAM_INT);
$query->bindParam(':organizer', $firstName, PDO::PARAM_BOOL);
$query->bindParam(':region', $region, PDO::PARAM_STR);
$query->bindParam(':favouriteGenre', $favGenre, PDO::PARAM_STR);
$query->bindParam(':description', $description, PDO::PARAM_STR);
One of the possible causes of the error you are getting is that you are trying to insert 6 values into a table with 9 fields. Another possible cause of the bug is that you have defined the variable for password as $pwd but use $password variable when binding parameters.
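An added example, not code from the question or the answer: the same registration insert with PDO in exception mode, the password stored as a `password_hash()` value, and the error array joined instead of concatenated (concatenating `errorInfo()` is what prints the word "Array"). Assumptions: in-memory SQLite stands in for PostgreSQL, the `rol` field carries the string `organizer`, the `UNIQUE` constraint exists only to provoke a failure, and the input values are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite stands in
// for PostgreSQL, 'rol' carries the string 'organizer' for organizers, and the
// UNIQUE constraint on email exists only to provoke a failure. Input is constructed.
declare(strict_types=1);

function registerUser(PDO $db, array $in): int
{
    // Store a salted hash, never the submitted password itself.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO users (email, password, firstName, lastName, age, organizer)
         VALUES (:email, :password, :firstName, :lastName, :age, :organizer)'
    );
    $stmt->bindValue(':email', $in['email'], PDO::PARAM_STR);
    $stmt->bindValue(':password', $hash, PDO::PARAM_STR);
    $stmt->bindValue(':firstName', $in['firstName'], PDO::PARAM_STR);
    $stmt->bindValue(':lastName', $in['lastName'], PDO::PARAM_STR);
    $stmt->bindValue(':age', (int) $in['age'], PDO::PARAM_INT);
    $stmt->bindValue(':organizer', $in['rol'] === 'organizer', PDO::PARAM_BOOL);
    $stmt->execute();                 // throws PDOException in exception mode
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password is VARCHAR(255): a hash does not fit the VARCHAR(30) column above.
$db->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY,
    email VARCHAR(40) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL,
    firstName VARCHAR(20) NOT NULL, lastName VARCHAR(20) NOT NULL,
    age INT NOT NULL, organizer BOOLEAN NOT NULL)');

$input = ['email' => 'ada@example.test', 'password' => 'correct horse battery',
          'firstName' => 'Ada', 'lastName' => 'Byron', 'age' => '36', 'rol' => 'visitor'];
try {
    $id = registerUser($db, $input);
    $check = $db->prepare('SELECT password FROM users WHERE userId = ?');
    $check->execute([$id]);
    $stored = $check->fetchColumn();
    echo 'hash verifies: ', var_export(password_verify($input['password'], $stored), true), "\n";
    registerUser($db, $input);        // same email again: constraint violation
} catch (PDOException $e) {
    // errorInfo is an array [SQLSTATE, driver code, driver message]; concatenating
    // it into a string prints the word "Array", so join it and log it instead.
    error_log('registration failed: ' . implode(' | ', $e->errorInfo ?? [$e->getMessage()]));
    echo "Registration failed.\n";
}
```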
Related
When I run this code, I get the following error:
Fatal error call to a member function bind_param() on a non-object.
Here is the code for the function:
public function storeUser($name, $email, $password, $phone, $address1, $address2) {
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$stmt = $this->conn->prepare("INSERT INTO `users`(`id`, `unique_id`, `name`, `email`, `phone`, `address1`, `address2`, `encrypted_password`, `salt`, `created_at`) VALUES (?,?,?,?,?,?,?,?,NOW())");
$stmt->bind_param("ssssssss", $uuid, $name, $email, $phone, $address1, $address2, $encrypted_password, $salt);
$result = $stmt->execute();
$stmt->close();
// check for successful store
if ($result) {
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$user = $stmt->get_result()->fetch_assoc();
$stmt->close();
return $user;
} else {
return false;
}
}
Here is a pdo example since the connection method was not specified
public function connection ($username, $password, $servername, $databasename)
{
$this->conn = new PDO("mysql:host=$servername;dbname=$databasename", $username, $password);
return true;
}
public function storeUser($name, $email, $password, $phone, $address1, $address2)
{
$uuid = uniqid('', true); $hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$stmt = $this->conn->prepare("INSERT INTO `users`(`id`, `unique_id`, `name`, `email`, `phone`, `address1`, `address2`, `encrypted_password`, `salt`, `created_at`) VALUES (?,?,?,?,?,?,?,?,NOW())");
$stmt->bindValue(1, $uuid, PDO::PARAM_STR);
$stmt->bindValue (2, $name, PDO::PARAM_STR);
$stmt->bindValue (3, $email, PDO::PARAM_STR);
$stmt->bindValue (4, $phone, PDO::PARAM_STR);
$stmt->bindValue (5, $address1, PDO::PARAM_STR);
$stmt->bindValue (6, $address2, PDO::PARAM_STR);
$stmt->bindValue (7, $encrypted_password, PDO::PARAM_STR);
$stmt->bindValue (8, $salt, PDO::PARAM_STR);
$result = $stmt->execute();
if ($result)
{
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bindValue(1, $email, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
return $user;
}
else
{
return false;
}
}
I am trying to execute a prepared statement using a PDO via PHP on a MySQL database.
I have tried two versions of the code; both have not worked. The function update will execute but nothing will get updated in the database. My view customerData functions using fetch() and fetchAll() both work, as does my deleteData function.
My current database structure is:
customerID (int(11))
firstName (varchar(50))
lastName (varchar(50))
address (varchar(50))
city (varchar(50))
state (varchar(50))
postalCode (varchar(20))
countryCode (char(2))
phone (varchar(20))
email (varchar(50))
password (varchar(20))
The current version of code I am using:
function update_customer($customerID, $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password)
{
global $db;
$query = "UPDATE customers
SET
firstName = :first,
lastName = :last,
address = :add,
city = :c,
state = :s,
postalCode = :postal,
countryCode = :country,
phone = :p,
email = :e,
password = :password
WHERE customerID = :ID";
$statement = $db->prepare($query);
$statement->bindValue(':first',$firstName);
$statement->bindValue(':last', $lastName);
$statement->bindValue(':add', $address);
$statement->bindValue(':c' ,$city);
$statement->bindValue(':s',$state);
$statement->bindValue(':postal', $postalCode);
$statement->bindValue(':country',$countryCode);
$statement->bindValue(':p', $phone);
$statement->bindValue(':e', $email);
$statement->bindValue(':pass', $password);
$statement->bindValue(':ID', $customerID);
$statement->execute();
$statement->closeCursor();
}
The other version of code I have used
function update_customer($customerID, $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password)
{
global $db;
$query = "UPDATE customers
SET
firstName = ?,
lastName = ?
address = ?,
city = ?,
state = ?,
postalCode = ?,
countryCode = ?,
phone = ?,
email = ?,
password = ?
WHERE customerID = ?";
$statement = $db->prepare($query);
$statement->bindParam('ssssssssssi', $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password, $customerID);
$statement->execute();
$statement->closeCursor();
}
My other 3 prepared statements work perfectly, for example here is the prepared statement that populates the update customer form.
function view_customerData ($customerID) {
global $db;
$query = "SELECT * FROM customers
WHERE customerID = $customerID";
try {
$statement = $db->prepare($query);
$statement->execute();
$customerData = $statement->fetch();
return $customerData;
} catch (PDOException $e) {
$error_message = $e->getMessage();
echo "<p>Database error: $error_message </p>";
exit();
}
}
Try to put the whole update customer code in a try block and add a catch block in case any error occurs. But first of all fix this line
$statement->bindValue(':pass', $password);
to
$statement->bindValue(':password', $password);
^^^^
try {
//.....put your update customer code here ...
} catch (PDOException $e) {
$error_message = $e->getMessage();
echo "<p>Database error: $error_message </p>";
exit();
}
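An added example, not code from the question or the answer: `view_customerData` with the id bound as a parameter instead of interpolated into the SQL text, and `update_customer` returning `rowCount()` so a statement that executes but updates nothing is visible to the caller. Assumptions: in-memory SQLite stands in for MySQL, the table is cut down to three columns, and the row and inputs are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite stands in
// for MySQL, the table is cut down to three columns, and the row is constructed.
declare(strict_types=1);

function view_customerData(PDO $db, $customerID)
{
    // Reject anything that is not a plain integer before it reaches SQL.
    $id = filter_var($customerID, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }
    // The id travels as a bound value, never as part of the SQL text.
    $statement = $db->prepare('SELECT * FROM customers WHERE customerID = :ID');
    $statement->bindValue(':ID', $id, PDO::PARAM_INT);
    $statement->execute();
    return $statement->fetch(PDO::FETCH_ASSOC);
}

function update_customer(PDO $db, int $customerID, string $firstName, string $email): int
{
    $statement = $db->prepare(
        'UPDATE customers SET firstName = :first, email = :e WHERE customerID = :ID'
    );
    // One array, keyed by exactly the placeholder names used in the SQL.
    $statement->execute([':first' => $firstName, ':e' => $email, ':ID' => $customerID]);
    return $statement->rowCount();    // 0 means nothing was updated
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (customerID INTEGER PRIMARY KEY,
    firstName VARCHAR(50), email VARCHAR(50))');
$db->exec("INSERT INTO customers VALUES (1, 'Ada', 'ada@example.test')");

var_dump(update_customer($db, 1, 'Grace', 'grace@example.test'));    // existing id
var_dump(update_customer($db, 99, 'Nobody', 'nobody@example.test')); // unknown id
var_dump(view_customerData($db, '1'));          // id as it arrives from a form
var_dump(view_customerData($db, '1 OR 1=1'));   // constructed non-integer input
```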
I have created register form page using php.
This is code_exec.php:
<?php
include 'config.php';
error_reporting(E_ERROR);
session_start();
$form = $_POST;
$fname=$form['fname'];
$lname=$form['lname'];
$email=$form['email'];
$pass=$form['pass'];
$phone=$form['phone'];
$sex_select=$form['sex_select'];
$month=$form['month'];
$day=$form['day'];
$year=$form['year'];
$result = "INSERT INTO crop ( fname, lname, email, pass, phone,`sex_select`, month,day,year) VALUES
( :fname, :lname, :email, :pass, :phone, :sex_select, :month, :day, :year)";
if (!$result) {
die(msg(0,"wrong query"));
}
?>
config.php:
<?php
$user = 'root';
$pass = '';
$db = new PDO( 'mysql:host=localhost;dbname=crop', $user, $pass );
?>
Now it didn't show any error, but it didn't store the user data.
May I know what is my mistake with my code?
Thanks in advance.
Remove the field "year" from your table and rename it to something else. MySQL treats year like a keyword, so it will not allow you to insert data into the table.
The same problem was raised for me a few days back. I tested in phpMyAdmin and found this solution.
And also you need to execute the query like this
mysql_query($result);
then check if it is not executed.
You need to try like this
include 'config.php';
error_reporting(E_ERROR);
session_start();
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$pass=$_POST['pass'];
$phone=$_POST['phone'];
$sex_select=$_POST['sex_select'];
$month=$_POST['month'];
$day=$_POST['day'];
$year=$_POST['year'];
$result = $db->prepare("INSERT INTO crop (`fname`, `lname`, `email`, `pass`, `phone`,`sex_select`, `month`,`day`,`year`) VALUES ( :fname, :lname, :email, :pass, :phone, :sex_select, :month, :day, :year)");
$result->bindValue(':fname', $fname, PDO::PARAM_STR);
$result->bindValue(':lname', $lname, PDO::PARAM_STR);
$result->bindValue(':email', $email, PDO::PARAM_STR);
$result->bindValue(':pass', $pass, PDO::PARAM_STR);
$result->bindValue(':phone', $phone, PDO::PARAM_STR);
$result->bindValue(':sex_select', $sex_select, PDO::PARAM_STR);
$result->bindValue(':month', $month, PDO::PARAM_STR);
$result->bindValue(':day', $day, PDO::PARAM_STR);
$result->bindValue(':year', $year, PDO::PARAM_STR);
$result->execute();
Hi, I am getting an error during the execution of a PDO prepare statement. My local development works fine, but when I try to insert to cleardb in the cloud this error occurs:
SQLSTATE[42000]: Syntax error or access violation: 1142 INSERT command denied to user 'b2218f51d4a66e'#'191.235.136.58' for table 'user'' in /var/www/php1/CRUD.php:52
function create_User($firstname, $lastname, $username, $password, $address, $city, $zip, $country, $email) {
global $dbh;
$this->password = $password;
$token = md5($this->salt1 . $this->password . $this->salt2);
$this->sth = $dbh->prepare('INSERT INTO `Php_Project`.`User`
(
userName,
passWord,
create_DateStamp,
e_mail)
VALUES
(
:username,
:token,
NOW(),
:email
);
');
$this->sth->bindParam(':username', $username, PDO::PARAM_STR);
$this->sth->bindParam(':token', $token, PDO::PARAM_STR);
$this->sth->bindParam(':email', $email, PDO::PARAM_STR);
if ($this->sth->execute()) {
$this->message = "true";
} else {
$this->message = "false";
}
if ($this->message == "true") {
$userId = $dbh->lastInsertId();
$this->sth = $dbh->prepare('INSERT INTO `Php_Project`.`user_Detail`
(
firstName,
lastname,
adress,
zip,
city,
country,
userId)
VALUES
(
:firstname,
:lastname,
:address,
:zip,
:city,
:country,
:userId
);');
$this->sth->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$this->sth->bindParam(':lastname', $lastname, PDO::PARAM_STR);
$this->sth->bindParam(':address', $address, PDO::PARAM_STR);
$this->sth->bindParam(':zip', $zip, PDO::PARAM_INT);
$this->sth->bindParam(':city', $city, PDO::PARAM_STR);
$this->sth->bindParam(':country', $country, PDO::PARAM_STR);
$this->sth->bindParam(':userId', $userId, PDO::PARAM_STR);
if ($this->sth->execute()) {
$this->message = true;
} else {
$this->message = false;
}
}
}
This is a permissions problem. Your database user has the INSERT permission for the table on your development server but not on your production server, so you'll need to change the user permissions using GRANT on your production server.
class MyClass {
private $db;
// Constructor
function __construct() {
$this->db = new mysqli('localhost', 'root', 'root', 'Test_db');
$this->db->autocommit(FALSE);
}
// Destructor
function __destruct() {
$this->db->close();
}
// Main method
function MyFun() {
// Check for required parameters
if (isset($_POST["name"]) && isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["email"])) {
echo "Before \n";
$name = $_POST["name"];
$username = $_POST["username"];
$password = $_POST["password"];
$email = $_POST["email"];
$activation = 0;
echo "After \n";
// tracking
$stmt = $this->db->prepare("INSERT INTO users (name, username, password, email,activation) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("is", $name, $username, $password, $email, $activation); //Line 95
$stmt->execute();
$stmt->close();
}
Output:
Before
After
Invalid request
MAMP Console:
[15-Apr-2011 15:09:10] PHP Warning: mysqli_stmt::bind_param() [<a href='function.mysqli-stmt-bind-param'>function.mysqli-stmt-bind-param</a>]: Number of elements in type definition string doesn't match number of bind variables in /Applications/MAMP/htdocs/Test/reg.php on line 95
The number is the same but I don't know why this error appears
$stmt->bind_param("is", $name, $username, $password, $email, $activation);
Your "definition" string ("is") contains only two definitions, integer and string ... you should have 5 in there.
$stmt->bind_param("sssss", $name, $username, $password, $email, $activation);
... for example ...
You are only having five ? placeholders in your query, yet you're trying to bind six values to the query.
$stmt->bind_param("is", $name, $username, $password, $email, $activation);
"is"
$name
$username
$password
$email
$activation
The format you are giving contains only 2 definitions, yet it must contain 5 to match your query. Try "sssss".
The "is" is the sixth variable, I suggest you remove this or add the field name in the statement:
$stmt->bind_param("is", $name, $username, $password, $email, $activation);
Either remove from bind_param:
$stmt = $this->db->prepare("INSERT INTO users (name, username, password, email,activation) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param($name, $username, $password, $email, $activation);
or add to field names:
$stmt = $this->db->prepare("INSERT INTO users (**is**, name, username, password, email,activation) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("**is**", $name, $username, $password, $email, $activation);
or
$stmt = $this->db->prepare("INSERT INTO users (name, username, password,
email,activation) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("issss", $name, $username, $password, $email, $activation);