Inserting form data and adding 1 day - php

I have a function that inserts into a users table, I want to know if it is possible to -1 day from the "dob" and insert into reminder column through the function
public function AddUser($email, $name, $dob)
{
try {
$db = DB();
$query = $db->prepare("INSERT INTO users(email, name, dob, reminder) VALUES (:email, :name, :dob, :reminder)");
$query->bindParam("email", $email, PDO::PARAM_STR);
$query->bindParam("name", $name, PDO::PARAM_STR);
$query->bindParam("dob", $dob, PDO::PARAM_STR);
$query->bindParam("reminder", $dob, PDO::PARAM_STR);
$query->execute();
return $db->lastInsertId();
} catch (PDOException $e) {
exit($e->getMessage());
}
}
Is there anything I can do with this line to do it on INSERT
Something along the lines of
$query->bindParam("reminder", $dob DATE_ADD(now(), INTERVAL -1 DAY)); PDO::PARAM_STR);
If this is not possible could you please give me some pointers


Youn should use the :remainder in mysql date_add function eg:
$query = $db->prepare("INSERT INTO users(email, name, dob, reminder)
VALUES (:email, :name, :dob, DATE_ADD(:reminder, INTERVAL -1 DAY) )");
$query->bindParam("email", $email, PDO::PARAM_STR);
$query->bindParam("name", $name, PDO::PARAM_STR);
$query->bindParam("dob", $dob, PDO::PARAM_STR);
$query->bindParam("reminder", $dob, PDO::PARAM_STR);

Related

Someone kindly help me here: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

public function register($uname,$age,$sex,$image,$dpart,$joind,$job,$uposition,$phone,$umail,$upass,
$unumber,$address,$nssf,$bank,$passp,$home,$village,$nation,$permit)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->conn->prepare("INSERT INTO users(user_name,birth,gender,image,job_title,curr_position,telephone,department,joining_date,user_email,user_pass,box_number,residence,nssf_number,bank_account,passport_number,home_district,village,nationality,work_permit)
VALUES(:uname,:age,:sex,:image,:dpart,:joind,:job,:uposition,:phone,:umail,:upass,:unumber,:nssf,:bank,:passp,:home,:village,:nation,:permit)");
$stmt->bindparam(":uname",$uname);
$stmt->bindparam(":age",$age);
$stmt->bindparam(":sex",$sex);
$stmt->bindparam(":image",$image);
$stmt->bindparam(":dpart",$dpart);
$stmt->bindparam(":joind",$joind);
$stmt->bindparam(":job",$job);
$stmt->bindparam(":uposition",$uposition);
$stmt->bindparam(":phone",$phone);
$stmt->bindparam(":umail",$umail);
$stmt->bindparam(":upass",$new_password);
$stmt->bindparam(":unumber",$unumber);
$stmt->bindparam(":address",$address);
$stmt->bindparam(":nssf",$nssf);
$stmt->bindparam(":bank",$bank);
$stmt->bindparam(":passp",$passp);
$stmt->bindparam(":home",$home);
$stmt->bindparam(":village",$village);
$stmt->bindparam(":nation",$nation);
$stmt->bindparam(":permit",$permit);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}

I'm posting this as a community wiki answer, since there shouldn't be any rep from this, nor do I want rep from it; given an answer that can't determine which one is missing.
It's the one for $stmt->bindparam(":address",$address); that is missing in the VALUES().
Also make sure that all variables do contain value.
PHP's error reporting will be of help:
http://php.net/manual/en/function.error-reporting.php
Side note: Using a code editor that automatically finds matching words when double-clicked and using the same naming convention would have helped you greatly.
One (free) of which that has option, is Notepad++.

Your sql statement is inconsistent: the table columns and the values
to insert don't correspond. For example, in a curr_position field
you are trying to insert a value of :joind, etc.
Also, in terms of number, the columns and the values to insert don't
coincide: 19 values to insert in 20 fields.
Recommendations:
My recommendation would be to always use column names for the marker names. Then you know exactly to which markers you are inserting the corresponding values.
NB: Markers: "...VALUES (:marker1, :marker2, ...);".
You should also define the type of input parameteres that you are binding. Example:
$stmt->bindparam(":age", $age, PDO::PARAM_INT);
Try to maintain some consistency between the function parameters and the field names, if it's possible and... makes sense.
My code proposal would look like this:
<?php
public function register(
$userName
, $birth
, $gender
, $image
, $jobTitle
, $currPosition
, $telephone
, $department
, $joiningDate
, $userEmail
, $userPass
, $boxNumber
, $residence
, $nssfNumber
, $bankAccount
, $passportNumber
, $homeDistrict
, $village
, $nationality
, $workPermit
) {
try {
$newUserPassword = password_hash($userPass, PASSWORD_DEFAULT);
$stmt = $this->conn->prepare('INSERT INTO users (
user_name,
birth,
gender,
image,
job_title,
curr_position,
telephone,
department,
joining_date,
user_email,
user_pass,
box_number,
residence,
nssf_number,
bank_account,
passport_number,
home_district,
village,
nationality,
work_permit
) VALUES (
:user_name,
:birth,
:gender,
:image,
:job_title,
:curr_position,
:telephone,
:department,
:joining_date,
:user_email,
:user_pass,
:box_number,
:residence,
:nssf_number,
:bank_account,
:passport_number,
:home_district,
:village,
:nationality,
:work_permit
)');
$stmt->bindparam(":user_name", $userName, PDO::PARAM_STR);
$stmt->bindparam(":birth", $birth, PDO::PARAM_INT);
$stmt->bindparam(":gender", $gender, PDO::PARAM_STR);
$stmt->bindparam(":image", $image, PDO::PARAM_STR);
$stmt->bindparam(":job_title", $jobTitle, PDO::PARAM_STR);
$stmt->bindparam(":curr_position", $currPosition, PDO::PARAM_STR);
$stmt->bindparam(":telephone", $telephone, PDO::PARAM_STR);
$stmt->bindparam(":department", $department, PDO::PARAM_STR);
$stmt->bindparam(":joining_date", $joiningDate, PDO::PARAM_STR);
$stmt->bindparam(":user_email", $userEmail, PDO::PARAM_STR);
$stmt->bindparam(":user_pass", $newUserPassword, PDO::PARAM_STR);
$stmt->bindparam(":box_number", $boxNumber, PDO::PARAM_INT);
$stmt->bindparam(":residence", $residence, PDO::PARAM_STR);
$stmt->bindparam(":nssf_number", $nssfNumber, PDO::PARAM_INT);
$stmt->bindparam(":bank_account", $bankAccount, PDO::PARAM_STR);
$stmt->bindparam(":passport_number", $passportNumber, PDO::PARAM_STR);
$stmt->bindparam(":home_district", $homeDistrict, PDO::PARAM_STR);
$stmt->bindparam(":village", $village, PDO::PARAM_STR);
$stmt->bindparam(":nationality", $nationality, PDO::PARAM_STR);
$stmt->bindparam(":work_permit", $workPermit, PDO::PARAM_STR);
$stmt->execute();
return $stmt;
} catch (PDOException $e) {
echo $e->getMessage();
}
}
Good luck!

Thank you all for your efforts and input i figured out the problem actually was this one:
$stmt->bindParam("userPass", $newUserPassword, PDO::PARAM_STR);
which had to be changed to this:
$stmt->bindParam("userPass", $userPass, PDO::PARAM_STR);
I was trying to use a parameter that i had not defined all because i di this:
$newUserPassword = password_hash($userPass, PASSWORD_DEFAULT);
So I thought of replacing it in the bindParameters....Hope it helps other!

inserting mutltiple form data via php into multiple mysql tables

Still very new to php but learning quickly. I have two forms that gather data that is then passed to a php function. All the data from both forms is making it to the php file as I am echoing the values to be sure.
My issue is the first table is updated correctly without any issues but the second table is not updated.
Here is the code in question
private function registerNewUser($user_name, $user_email, $user_password, $user_password_repeat, $captcha, $user_type, $first_name)
....
// write new users data into database
$query_new_user_insert = $this->db_connection->prepare('INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash, user_registration_ip, user_registration_datetime, user_type) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash, :user_registration_ip, now(), :user_type)');
$query_new_user_insert->bindValue(':user_name', $user_name, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_password_hash', $user_password_hash, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_email', $user_email, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_activation_hash', $user_activation_hash, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_registration_ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_type', $user_type, PDO::PARAM_STR);
$query_new_user_insert->execute();
// id of new user
$id = $this->db_connection->lastInsertId();
echo $first_name;
echo $user_email;
echo $id;
// attempt at writing to additional table
$this->db_connection->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
$query_new_user_insert2 = $this->db_connection->prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now() :id');
$query_new_user_insert2->bindValue(':first_name', $first_name, PDO::PARAM_STR);
$query_new_user_insert2->bindValue(':user_email', $user_email, PDO::PARAM_STR);
$query_new_user_insert2->bindValue(':id', $id, PDO::PARAM_INT);
$query_new_user_insert2->execute();
$query_new_user_insert works as the table is updated
$query_new_user_insert2 does not work as the table C_Customers contains no data.

On second query, you forgot to put comma between now() and :id. Also, you forgot to put closing bracket.
prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now() :id')
should be
prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now(), :id)');
Another typo :) hope it helps.

PDO Insert Error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

I haven't been able to find a solution to the error I'm receiving when trying to do a PDO insert. I keep getting the error
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
Here is my code:
try{
$STH = $DBH->prepare("INSERT INTO members (fname, mname, lname, gender, dob, id, nation,
mstatus, mobile, tel, address, county, email, o_email, residence, sacco, nk_name, relationship, age,
nk_id, nk_tel, nk_address, photo, idlink) VALUES (:fname, :mname, :lname, :gender, :dob, :id, :nation,
:mstatus, :mobile, :tel, :address, :county, :email, :o_email, :residence, :sacco, :nk_name, :relationship, :age,
:nk_id, :nk_tel, :nk_address, :photo, :idlink)");
Here is where I add bindValues (I'm only doing this because StackOverflow doesn't allow large codeblocks)
$STH->bindValue(1, $_POST['fname'], PDO::PARAM_STR);
$STH->bindValue(2, $_POST['mname'], PDO::PARAM_STR);
$STH->bindValue(3, $_POST['lname'], PDO::PARAM_STR);
$STH->bindValue(4, $_POST['gender'], PDO::PARAM_STR);
$STH->bindValue(5, $_POST['dob'], PDO::PARAM_STR);
$STH->bindValue(6, $_POST['id'], PDO::PARAM_STR);
$STH->bindValue(7, $_POST['nation'], PDO::PARAM_STR);
$STH->bindValue(8, $_POST['mstatus'], PDO::PARAM_STR);
$STH->bindValue(9, $_POST['mobile'], PDO::PARAM_STR);
$STH->bindValue(10, $_POST['tel'], PDO::PARAM_STR);
$STH->bindValue(11, $_POST['address'], PDO::PARAM_STR);
$STH->bindValue(12, $_POST['county'], PDO::PARAM_STR);
$STH->bindValue(13, $_POST['email'], PDO::PARAM_STR);
$STH->bindValue(14, $_POST['o_email'], PDO::PARAM_STR);
$STH->bindValue(15, $_POST['residence'], PDO::PARAM_STR);
$STH->bindValue(16, $_POST['sacco'], PDO::PARAM_STR);
$STH->bindValue(17, $_POST['nk_name'], PDO::PARAM_STR);
$STH->bindValue(18, $_POST['relationship'], PDO::PARAM_STR);
$STH->bindValue(19, $_POST['age'], PDO::PARAM_INT);
$STH->bindValue(20, $_POST['nk_id'], PDO::PARAM_STR);
$STH->bindValue(21, $_POST['nk_tel'], PDO::PARAM_STR);
$STH->bindValue(22, $_POST['nk_address'], PDO::PARAM_STR);
$STH->bindValue(23, $_POST['photo'], PDO::PARAM_STR);
$STH->bindValue(24, $_POST['idlink'], PDO::PARAM_STR);
$STH->execute();
}
catch (PDOException $e) {
echo "DataBase Error: The member could not be added.<br>".$e->getMessage();
} catch (Exception $e) {
echo "General Error: The member could not be added.<br>".$e->getMessage();
}

There are two ways to fix them up.. (Choose any one case , you can't use both together)
Case 1: Named placeholders
$STH->bindValue(':fname', $_POST['fname'], PDO::PARAM_STR);
$STH->bindValue(':mname', $_POST['mname'], PDO::PARAM_STR);
$STH->bindValue(':lname', $_POST['lname'], PDO::PARAM_STR);
//...
//.. so on..
Case 2: Question mark placeholders
try{
$STH = $DBH->prepare("INSERT INTO members (fname, mname, lname, gender, dob, id, nation,
mstatus, mobile, tel, address, county, email, o_email, residence, sacco, nk_name, relationship, age,
nk_id, nk_tel, nk_address, photo, idlink) VALUES (?,?,?,?,?,
// .. so on.. (note the ? symbols...)

PDO prepared statement and bindValues from an array

I have the following block of code in a PDO statement:
$stmt = $db->prepare("INSERT INTO first_page_data (title, first_name, surname, phone, email, add1, add2, add3, add4, add5) VALUES(?,?,?,?,?,?,?,?,?,?)");
$stmt->bindValue(1, $_POST['title'], PDO::PARAM_STR);
$stmt->bindValue(2, $_POST['first_name'], PDO::PARAM_STR);
$stmt->bindValue(3, $_POST['surname'], PDO::PARAM_STR);
$stmt->bindValue(4, $_POST['phone'], PDO::PARAM_INT);
$stmt->bindValue(5, $_POST['email'], PDO::PARAM_STR);
$stmt->bindValue(6, $_POST['add1'], PDO::PARAM_STR);
$stmt->bindValue(7, $_POST['add2'], PDO::PARAM_STR);
$stmt->bindValue(8, $_POST['add3'], PDO::PARAM_STR);
$stmt->bindValue(9, $_POST['add4'], PDO::PARAM_STR);
$stmt->bindValue(10, $_POST['add5'], PDO::PARAM_STR);
$stmt->execute();
$_SESSION['buyer_email'] = $_POST['email'];
Can these parameters (title, first_name, etc) be put into the bindValues using an array and a for each loop? I can get the prepare statement working by just having an array containing the titles but cant seem to get the variable names inside the $_POST values. It would save quite a few lines of code, but I cant quite get there!
The following is the array im using in the prepared statement that I want to use in the bind value loop:
$first = array('title','first_name','surname','phone','email','add1','add2','add3','add4','add5');

Just simply loop over $first and call bindValue for each one.
foreach($first as $key=>$val){
$stmt->bindValue($key+1, $_POST[$val], PDO::PARAM_STR);
}

Or you can use it like this:
$stmt = $db->prepare("INSERT INTO first_page_data (title, first_name, surname, phone, email, add1, add2, add3, add4, add5) VALUES(?,?,?,?,?,?,?,?,?,?)");
$stmt->execute($array);
The array would be like:
$array = array($_POST['title'],$_POST['first_name']);
or if you have the correct order already just
$array = $_POST;

Proper way to pass query data to methods?

I have a User class and I'm wondering what would be the "most recommended" way to handle insertions?
Option 1: Use an existing object
// insert a new user and return the user id
public function insert() {
$sql = "INSERT INTO users (username, password, email, avatar, subscribe, created, last_login, valid) VALUES
(?, ?, ?, ?, ?, ?, ?, ?)";
$sth = $this->db->prepare($sql);
$sth->bindParam(1, $this->username, PDO::PARAM_STR);
$sth->bindParam(2, $this->password, PDO::PARAM_STR);
$sth->bindParam(3, $this->email, PDO::PARAM_STR);
$sth->bindParam(4, $this->avatar, PDO::PARAM_STR);
$sth->bindParam(5, $this->subscribe, PDO::PARAM_STR);
$sth->bindParam(6, $this->created, PDO::PARAM_STR);
$sth->bindParam(7, $this->last_login, PDO::PARAM_STR);
$sth->bindParam(8, $this->valid, PDO::PARAM_STR);
$sth->execute();
return $this->db->lastInsertId();
}
Option 2: Pass the information in as an array
// insert a new user and return the user id
public function insert(array $fields = array()) {
if(!empty($fields)) {
$sql = "INSERT INTO users (username, password, email, avatar, subscribe, created, last_login, valid) VALUES
(:username, :password, :email, :avatar, :subscribe, :created, :last_login, :valid)";
$sth = $this->db->prepare($sql);
$sth->execute($fields);
return $this->db->lastInsertId();
}
}
Another option? Does it make any difference?

Both ways are okay but personally I suggest second option

Categories