I have been breaking my head around this html/php/mysqli thing and I can't get it to work. I used several echo statements to see what type of error I am facing but nothing shows up when I am trying to post data into my database.
I have used echo $_POST['name of input']; , print_r($_POST); and only on the 1st one I can see my post. So I think it is posting correctly, right?!
I for some strange reason can't find the problem in my code. I have searched for quiet some time on the web but with little to no result.
This is my HTML:
<html>
<head><title>Test2017</title></head>
<body>
<form action="insert.php" method="post">
<table width="400" border="0" cellspacing="10">
<tr>
<td>voornaam:</td>
<td><input type="text" name="voornaam"></td>
</tr>
<tr>
<td>roepnaam</td>
<td><input type="text" name="roepnaam"></td>
</tr>
<tr>
<td>tussenvoegsel</td>
<td><input type="text" name="tussenvoegsel"></td>
</tr>
<tr>
<td>achternaam</td>
<td><input type="text" name="achternaam"></td>
</tr>
<tr>
<td><input type="submit" value="registreren!"></td>
</tr>
</table>
</form>
</body>
</html>
and this my insert.php, and also at the VALUES i have tried "''",'' and "" but non of that worked.
<?php
$connect=mysqli_connect("localhost","root","usbw","test");
//check connection
if (mysqli_connect_errno()){
echo 'Failed to connect to MySQL:' . mysqli_connect_error();
}
$voornaam= mysqli_real_escape_string($connect, $_POST['voornaam']);
$roepnaam= mysqli_real_escape_string($connect, $_POST['roepnaam']);
$tussenvoegsel= mysqli_real_escape_string($connect, $_POST['tussenvoegsel']);
$achternaam= mysqli_real_escape_string($connect, $_POST['achternaam']);
$sql="INSERT INTO user (voornaam,roepnaam,tussenvoegsel,achternaam) VALUES ('$voornaam','$roepnaam','$tussenvoegsel','$achternaam')";
if (!mysqli_query($connect,$sql)) {
die('Error: ' . mysqli_error($connect));
}
echo "1 record added";
mysqli_close($connect);
?>
You guys are my only help, because I am pulling my hair out for this.
Thank you in advance!
I have typed the HTML code first and I have pasted it everywhere else even in the database. So I would not have a problem like that. It is all lowercase.
I reformatted your original example to use a prepared statement, as this is safer for handling user generated input. I added a try catch around your code to attempt to raise visibility on whatever error you are running into
<?php
// ensure reporting for mysql is on.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
// Subbing out what you had for db connection to illustrate what each
// of those parameters should point to on your local db
$database = new mysqli('host', 'user', 'password', 'db_schema');
// guessing on whether these are strings.
$voornaam = filter_input(INPUT_POST, 'voornaam', FILTER_SANITIZE_STRING);
$roepnaam = filter_input(INPUT_POST, 'roepnaam', FILTER_SANITIZE_STRING);
$tussenvoegsel = filter_input(INPUT_POST, 'tussenvoegsel', FILTER_SANITIZE_STRING);
$achternaam = filter_input(INPUT_POST, 'achternaam', FILTER_SANITIZE_STRING);
// Formatting for readability, parameterized query
$query = "INSERT INTO user (
voornaam,
roepnaam,
tussenvoegsel,
achternaam
) VALUES ( ?, ?, ?, ?)";
// prepare query statement
$stmt = $database->prepare($query);
// bind parameters and types to statement
$stmt->bind_param('ssss', $voornaam, $roepnaam, $tussenvoegsel, $achternaam);
// execute
$stmt->execute();
echo 'Records added: ' . $stmt->affected_rows;
$stmt->close();
$database->close();
} catch (Exception $e) {
// basic print error to screen error handling, not ideal for
// anything other than testing :)
echo $e->getCode() . ' - ' . $e->getMessage();
}
Ok, we have probably totally confused you now, so try this
<?php
ini_set('display_errors', 1);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$connect=mysqli_connect("localhost","root","usbw","test");
if (mysqli_connect_errno()){
echo 'Failed to connect to MySQL:' . mysqli_connect_error();
}
// using 4 ? one for each column value in the query
$sql="INSERT INTO user
(voornaam,roepnaam,tussenvoegsel,achternaam)
VALUES (?,?,?,?)";
$stmt = $connect->prepare($sql);
// pass the actual data for each parameter, in order
// the 'ssss' in this case denotes that all 4 params are strings
// they can be s=string, i=integer,b=blob, d=decimal
$stmt->bind_param('ssss',
$_POST['voornaam'],
$_POST['roepnaam'],
$_POST['tussenvoegsel'],
$_POST['achternaam']
);
$result = $stmt->execute();
if ( $result ) {
echo "1 record added";
} else {
echo $connect->error;
}
}
?>
Related
EDIT: Seems to be something with the database. We cant figure out what it is.
Im having a problem with storing data thats been put into the forms. I tested the query in MS SQL (we have to use that for school) but it doesnt seem to work once i put in my variables. So im guessing the problem comes from the variables. However im not sure about that because when i echo the $_POST variables it outputs strings like i want it to. But when i put it in the query it just wont store rit in my database. Would be great if someone could help me out with this.
HTML code:
<form action="registerSystem.php" method="post">
Email:
<input type="email" name="emailAdres" required> <br>
Naam:
<input type="text" name="naamGebruiker" required> <br>
Wachtwoord:
<input type="password" name="wachtwoordGebruiker" required> <br>
Herhaal wachtwoord:
<input type="password" name="bevestigWachtwoord" required> <br>
<input type="submit" value="Registreer">
</form>
Php code:
require "connect.php";
session_start();
GLOBAL $conn;
function createAccount(){
$email = $_POST['emailAdres'];
$username = $_POST['naamGebruiker'];
$wachtwoord = $_POST['wachtwoordGebruiker'];
GLOBAL $conn;
$hashed_pass = md5($wachtwoord);
$paypal = $email;
$subscription_start = date("Y:m:d");
$land = 'Nederland';
$query = $conn->prepare("INSERT INTO Customer (customer_mail_adress, name, paypal_account, subscription_start, subscription_end, password, country_name) "
."VALUES (:customer_mail_adres, :naam, :paypal, :subscription_start, null, :password, :country_name)");
$query->bindParam(':customer_mail_adres', $email);
$query->bindParam(':naam', $username);
$query->bindParam(':paypal', $paypal);
$query->bindParam(':subscription_start', $subscription_start);
$query->bindParam(':password', $hashed_pass);
$query->bindParam(':country_name', $land);
$conn->query($query);
}
if($_SERVER['REQUEST_METHOD'] === 'POST'){
//password check
if ($_POST['wachtwoordGebruiker'] == $_POST['bevestigWachtwoord']) {
createAccount();
header("location: loginSystem.php");
} else {
echo "De opgegeven wachtwoorden komen niet overeen!";
}
}?>
I have found where the problem is on your function.
The problem is here : VALUES (:customer_mail_adres, :naam, :paypal, :subscription_start, null, :password, :country_name)");
that null after :subscription_start is the problem, rather put a place holder in place then have a string that you will assign it value to null. then your query should work.
I'm not sure what datatype is subscription_end but I guess it should be date. and also use try catch block so that you can see when you have errors in your sql query. Also don't rush to reload the next page after running your query atleast but some delay on your header() so that you can print success message and see if its displaying then load next page
So this is how I updated your function.
<?php
require 'connect.php';
session_start();
GLOBAL $conn;
function createAccount()
{
$email = $_POST['emailAdres'];
$username = $_POST['naamGebruiker'];
$wachtwoord = $_POST['wachtwoordGebruiker'];
GLOBAL $conn;
$hashed_pass = md5($wachtwoord);
$paypal = $email;
$subscription_start = date("Y:m:d");
$land = 'Nederland';
$enddate = 'null';
try {
$query = $conn->prepare("INSERT INTO Customer (customer_mail_adress, name, paypal_account, subscription_start, subscription_end, password, country_name) " . "VALUES (:customer_mail_adres, :naam, :paypal, :subscription_start, :enddate, :password, :country_name)");
$query->bindParam(':customer_mail_adres', $email);
$query->bindParam(':naam', $username);
$query->bindParam(':paypal', $paypal);
$query->bindParam(':subscription_start', $subscription_start);
$query->bindParam(':password', $hashed_pass);
$query->bindParam(':country_name', $land);
$query->bindParam(':enddate', $enddate);
if ($query->execute()) {
echo "Done";
}
}
catch (PDOException $e) {
echo "error". $e->getMessage();
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//password check
if ($_POST['wachtwoordGebruiker'] == $_POST['bevestigWachtwoord']) {
createAccount();
header("refresh:5;url=loginSystem.php");
} else {
echo "De opgegeven wachtwoorden komen niet overeen!";
}
}
?>
Hope this helps.
NB: Don't use md5(); to encrypt your passwords its no longer safe,
rather use php functions password_hash() and password_verify()
they are available on php.net for you to read and understand them.
$query = $conn->prepare("INSERT INTO Customer (customer_mail_adress, name, paypal_account, subscription_start, subscription_end, password, country_name)"
." VALUES (:customer_mail_adres, :naam, :paypal, :subscription_start, null, :password, :country_name)");
$query->bindParam(':customer_mail_adres', $email);
$query->bindParam(':naam', $username);
$query->bindParam(':paypal', $paypal);
$query->bindParam(':subscription_start', $subscription_start);
$query->bindParam(':password', $hashed_pass);
$query->bindParam(':country_name', $land);
$query->execute();
What I've changed here is $conn->query($query); to $query->execute(). Because you're working with prepared statements, you need to call execute method of the object instance of prepared statement $query.
$conn->query($sql) is commonly used when only retrieving results with SELECT query which doesn't contain filtering conditions that receive data from user inputs.
For your information, as a best practice, wrap up the code with try catch blocks which helps you handle the errors.
try {
$query = $conn->prepare("INSERT INTO Customer (customer_mail_adress, name, paypal_account, subscription_start, subscription_end, password, country_name)"
." VALUES (:customer_mail_adres, :naam, :paypal, :subscription_start, null, :password, :country_name)");
$query->bindParam(':customer_mail_adres', $email);
$query->bindParam(':naam', $username);
$query->bindParam(':paypal', $paypal);
$query->bindParam(':subscription_start', $subscription_start);
$query->bindParam(':password', $hashed_pass);
$query->bindParam(':country_name', $land);
$query->execute();
} catch (PDOException $ex) {
echo $ex->getMessage(); // or die($ex->getMessage());
}
Before using try catch blocks, set the PDO's error reporting to exception:
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Set this attribute as soon as you created the PDO object instance.
You can also set this attribute during the object instantiation through constructor like:
$conn = new PDO('mysql:host=localhost;dbname=demo', 'root', 'password', array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
Hope it helps!
Getting an error of
"Error: 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"
Please help guys, Many thanks in advance.
Code:
<?php
include('head.php');
if(isset($_POST['submit']))
{
$userid = trim($_POST['userid']);
$email = trim($_POST['email']);
$mobile = trim($_POST['mobile']);
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>******</title>
<link href="forum-styles.css" rel="stylesheet" type="text/css">
</head>
<style type="text/css">
.txtField {
padding: 5px;
border:#fedc4d 1px solid;
border-radius:4px;
}
</style>
<body background="img/gold-and-money.jpg">
<form action="" method="post" class="basic-grey">
<h1>****** Forgot Password
<span>Please let us know your UserId, We will reset password and inform you.</span> </h1>
<label>
<span>User Id :</span>
<input type="text" name="userid" required />
</label>
<label>
<span>Mobile N. :</span>
<input type="text" name="mobile" required/>
</label>
<label>
<span>Email Id :</span>
<input type="text" name="email" required/>
</label>
<label>
<div align="right"><span> </span>
<input type="submit" class="button" value="Submit" name="submit"/>
</div>
</label>
</form>
</body>
</html>
$sql = mysqli_query($conn,"INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')");
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
You've got two calls here to mysqli_query. The first time, you're making the query and assigning the return value to $sql; the second time, you're running $sql as a query.
To fix the immediate problem, do something along the lines of:
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
You're assigning your query to a string, and then using that in your query. This makes debugging things easier, as you can now output your generated query to check what you're producing.
However
You're also passing user-generated data directly into an SQL query, without escaping it. This is very bad - at best, you're going to have a problem if some of the data contains apostrophes. At worst, your database will get hacked. One solution here is to use escaping, as Fred suggested, using mysqli_real_escape_string:
$userid = mysqli_real_escape_string($conn, $_POST['userid']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
I'd suggest also looking at using bound parameters and a prepared statement instead, for added extra security.
Use prepared statements, or PDO with prepared statements, they're much safer.
#andrewsi answered correct: "You're running your query twice. The first time, you're assigning the result to $sql; the second time, you're trying to run that result as a query."
#andrewsi, you r running your query twice and your your query contains variables which you have make them as literals. so code would be like this:
$sql ="INSERT INTO forgot(userid,email,mobile)VALUES ($userid,$email,$mobile)";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
I hope this will help you.
Here is a basic example. Check where you have a turn. Always keep follow the standard way of coding.
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TABLE myCity LIKE City");
$query = "INSERT INTO myCity VALUES (NULL, 'Stuttgart', 'DEU', 'Stuttgart', 617000)";
$mysqli->query($query);
printf ("New Record has id %d.\n", $mysqli->insert_id);
/* drop table */
$mysqli->query("DROP TABLE myCity");
/* close connection */
$mysqli->close();
?>
Ankit, their are few things to take care of while coding the queries, instead of explaining them, I will try to rewrite the query:
$query = sprintf("INSERT INTO forgot('userid','email','mobile')
VALUES ('%s', '%s', '%s')"
, mysqli_real_escape_string( $con, $_POST['userid'] )
, mysqli_real_escape_string( $con, $_POST['email'] )
, mysqli_real_escape_string( $con, $_POST['mobile'] ));
if (mysqli_query($dbConnection, $query)) {
echo "Successfully inserted" . mysqli_affected_rows($conn) . " row";
} else {
echo "Error occurred: " . mysqli_error($dbConnection);
}
if in case, userid is the integer, convert the userid to int as follows before creating the $query:
$userid = (int)$_POST['userid'];
$sql = "INSERT INTO forgot(userid,email,mobile)VALUES ('$userid','$email','$mobile')";
if (mysqli_query($conn,$sql))
{
echo "We will Contact you Soon.<br>";
}
else
{
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
It will work.
Referring to this topic: Display error message if value not found mysql,
I tried to understand what's the correct method to achieved it, my current code show's me the result from database query but when I put some value that not in database, it just doesn't show the error message or any php coding error.
Here is my php code:
error_reporting(E_ALL); ini_set('display_errors', 1);
require_once 'dbconnect.php';
$name = $_POST['name'];
try {
$conn = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT *
FROM customer
WHERE lname LIKE :name OR
fname LIKE :name OR
number LIKE :name";
$q = $conn->prepare($sql);
$q->execute(array('name' => $name));
$q->setFetchMode(PDO::FETCH_ASSOC);
} catch (PDOException $pe) {
die("Could not connect to the database $dbname :" . $pe->getMessage());
}
and here is my html view:
<tbody>
<?php
$cs = $q->fetchAll();
if ( $cs === FALSE ) {
echo "The search of $name return no result";
} else {
foreach($cs as $r): ?>
<tr>
<td><?php echo htmlspecialchars($r['fname']), ' ', htmlspecialchars($r['lname']) ?></td>
<td><?php echo htmlspecialchars($r['number']) ?></td>
<td>View Profile</td>
</tr>
<?php endforeach;
} ?>
</tbody>
Kindly advise where did I go wrong?
Technically, nothing is failing with the query itself, so fetchAll() won't return false. What it will do, when you run a query that returns no results, is return an empty array.
In this case, you can alter your if statement to read: if ($cs === false || empty($cs)) {. Alternatively, you can use if (!$cs) { to allow PHP to interpret falsey values, like an empty array.
Source: PDOStatement::fetchAll()
I need to do an school assigment and I have run into quite few problems, but I don't understand why the code below gives empty values to the table. Only NOW() gets inserted into
the table, otherwise it says Query Empty or something like that. I had the same code on different page and with different table and it worked like a charm.
Regards,
Werner.
<?php
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$pnimi =$_REQUEST['pitsa_nimi'];
$id =$_REQUEST['pitsatyybinimi'];
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'INSERT INTO tellimused_pitsad '.
'(pitsa_nimi,aeg,toidutyybi_id)'.
"VALUES ( '$pnimi', NOW(), '$id' )";
mysql_select_db('carl.reinomagi');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo mysql_error();
echo "Entered data successfully\n";
mysql_close($conn);
header("location:tellimine.php");
?>
This is the previous page ( ordering ) code :
<?php
$tulemus = mysql_query("SELECT * FROM pitsad, pitsatyybid WHERE pitsad.toidutyybi_id = pitsatyybid.id", $dbhandle);
while ($row = mysql_fetch_assoc($tulemus))
{
?>
<tr><form action="telli.php">
<td><? echo $row['pitsa_nimi']; ?></td>
<td><? echo $row['hind']; ?></td>
<td><? echo $row['valmimisaeg']; ?> Minutit</td>
<td><? echo $row['pitsatyybinimi']; ?></td>
<td>
<input type="submit" value="TELLI"/>
</form></td>
</tr>
<?php
}
?>
</table>
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Here's a better example using PDO. This code is completely safe against SQL Injection, and is better than using mysql_* functions.
Make sure to read the comments and understand the code.
This is not copy/paste ready code!!
<?php
# Database Connection #
try {
$conn = new PDO("mysql:host=localhost;dbname=carl.reinomagi", "root", ""); //Please consider having different credentials.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //Throw Exceptions on errors - This disables the need to check for errors, see the catch block below.
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); //True prepared statements.
## Prepreations ##
$pnimi = $_POST["pitsa_nimi"];
$id = $_POST["pitsatyybinimi"]; //Please use $_POST or $_GET rather than $_REQUEST
## Data validation ##
if (empty($pnimi) || empty($id)) {
//One of the variables is empty, return an error to the user.
}
//Few things about this:
//Note the `backticks` around table and column names. This helps readability.
//Also note the placeholders :pnimi and :id, those placeholders for the prepared statement.
$query = "INSERT INTO `tellimused_pitsad` (`pitsa_nimi`, `aeg`, `toibutyybi_id`) VALUES (:pnimi, NOW(), :id);";
$statement = $stmt->prepare($query);
$statement->bindValue(":pnimi", $pnimi); //Bind the values to the placeholders
$statement->bindValue("id", $id);
$statement->execute();
header("Location: tellimine.php");
}
catch (PDOException $e) {
echo "An error has occured! " . $e->getMessage(); //Echo a generic error to all mysql error messages.
}
I am trying to write some information into an SQL database from my website using PHP. I can access the database to login, however I can not write anything to it from my website. Also, I can not view any connection errors.
Form Page:
<?php
$dbh = new PDO('mysql:host='.$hostname.';dbname='.$dbname, $user, $pass);
if (!$dbh) { die('Could not connect: ' . mysql_error()); }else echo 'connected';echo '<br>';
if(isset($_COOKIE['username']))
?>
<div id="imagel">
<img class="imagel" src="../images/logos/logo2.jpg" width="300" height="300" alt="studio table" />
</div>
<div id="textr">
<form name="tableofevents" method="post" action="adminhome.php">
Name of Event(Maximum of 83 characters): <input type="text" name="noe"/>
<br>
Event Description (Maximum of 288 characters): <input type="text" name="eventdescription"/>
<br>
Date of Event: <input type="text" name="date"/>
<br>
Ticket Price: <input type="text" name="price"/>
<br>
<input type="submit" name="submit" text="submit"/>
</form>
Processing Page:
<?php
$hostname = 'localhost';
$user='******';
$pass='***********';
$dbname='sth420';
$handler = new PDO('mysql:host='.$hostname.';dbname='.$dbname,$user,$pass);
$dbh = mysql_connect ($hostname.';dbname='.$dbname, $user, $pass);
if (!$dbh) { die('Could not connect: ' . mysql_error()); }
else echo 'connected';echo '<br>';
if(isset($_COOKIE['username']))
{
$username=$_COOKIE['username'];
$password=$_COOKIE['password'];
$sql='SELECT * FROM Users WHERE ID=:id';
$results = $handler->prepare($sql);
$results->execute([':id' => $username]);
$row = $results->fetch();
if($row!=null)
{
$pword = $row['Password'];
if($pword == $password)
{
if(isset($_POST['submit']))
{
$noe=$_POST['noe'];
$ed=$_POST['eventdescription'];
$date=$_POST['date'];
$price=$_POST['price'];
$sql='INSERT INTO ismievents ( title, evtdesc, dandt, price ) VALUES(0, :noe, :eventdescription, :date, :price)';
mysql_error()
$results = $handler->prepare($sql);
$results->execute([':noe' => $noe, ':eventdescription' => $ed, ':date' => $date, ':price' => $price]);
$handler = null;
header('Location: events.html');
}
}
}
}
if (!mysql_query($sql,$dbh))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($dbh);
require_once('adminhome.html');
?>
You are mixing PDO and mysql_connect(). That is invalid, as they are incompatible APIs. Remove all references to mysql_*() and stick only with your PDO statements. You have basically duplicated every PDO statement with an incorrect call to mysql_query() but you should have none of mysql_connect(), mysql_query(), mysql_error(), mysql_fetch_*().
Refer to the manual on PDO prepared statements to see the many examples.
I see a mismatch between column counts here. You list 4 columns, but the VALUES () list contains 5:
// Prepared statemetn looks ok...
$sql='INSERT INTO ismievents ( title, evtdesc, dandt, price ) VALUES(0, :noe, :eventdescription, :date, :price)';
// But this is meaningless here...
mysql_error()
I note also that you are using PHP 5.4 array literals like:
$results->execute([':noe' => $noe, ':eventdescription' => $ed, ':date' => $date, ':price' => $price]);
Hopefully you are actually running this code in PHP 5.4.
Really, you need to take this code back to the drawing board to purge it of the incompatibilities between PDO and mysql_*(). After that, you will be able to narrow down other problems with it.
A final note here, it is really inadvisable to store a password in $_COOKIE. On a successful login, instead store a logged in state in $_SESSION.