This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
PHP's white screen of death [duplicate]
Closed 5 years ago.
I am new to using PDO and I am getting an http 500 server error when the form is submitted.
The php page with the processing code is in the correct folder so I don't know why its throwing up a 500 error.
There is NO url rewrite going on neither .
Here is my code:
try {
$dbh = new PDO("mysql:host=$hostname;dbname=crm",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$stmt = $db->prepare("INSERT INTO testdrives (forename, surname,phone,email,add1,add2,add3,city,county,postcode,car,date) VALUES (:forename, :surname,:phone,:email,:add1,:add2,:add3,:city,:county,:postcode,:car,:date)");
$stmt->bindParam(':forename', $_POST['forename']);
$stmt->bindParam(':surname', $_POST['surname']);
$stmt->bindParam(':phone', $_POST['phone']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':add1', $_POST['add1']);
$stmt->bindParam(':add2', $_POST['add2']);
$stmt->bindParam(':add3', $_POST['add3']);
$stmt->bindParam(':city', $_POST['city']);
$stmt->bindParam(':county', $_POST['county']);
$stmt->bindParam(':postcode', $_POST['postcode']);
$stmt->bindParam(':car', $_POST['car']);
$stmt->bindParam(':date', $_POST['date']);
$stmt->execute();
if ($dbh->query($sql)) {
echo "<script type= 'text/javascript'>alert('New Record Inserted Successfully');</script>";
}
else{
echo "<script type= 'text/javascript'>alert('Data not successfully Inserted.');</script>";
}
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
Edit:
I missed the incorrect variable used for the connection being $dbh and $db in the prepare; my bad.
Original answer.
This line:
if ($dbh->query($sql)) {...}
is failing for two reasons:
Calling query() on what is already being prepared/executed.
Using a non-existant variable, $sql.
Get rid of that statement with the related brace and replace it with simply and replacing the $stmt->execute(); with:
if($stmt->execute()){
// success
} else{
// error
}
and using PDO's error handling (as you are doing now) and PHP's error reporting:
http://php.net/manual/en/pdo.error-handling.php
http://php.net/manual/en/function.error-reporting.php
Check your logs also.
Found the problem
The above code shows
$stmt = $db->prepare
Needed to be changed to
$stmt = $dbh->prepare
Thanks for help with the other issue
Quick question how to i insert into a table that has an auto increment column ?
Related
This question already has answers here:
How to prevent duplicate usernames when people register?
(4 answers)
Closed 27 days ago.
Hello so this is the message I get when inserting duplicate key Fatal error: Uncaught mysqli_sql_exception: Duplicate entry 'admin' for key 'username_2' in C:\xampp\htdocs\WMSU\ILS\actions\update\updateUserName.php:29 Stack trace: #0 C:\xampp\htdocs\WMSU\ILS\actions\update\updateUserName.php(29): mysqli_stmt->execute() #1 {main} thrown in C:\xampp\htdocs\WMSU\ILS\actions\update\updateUserName.php on line 29
and I want to display an error message the " username already exist" like how my successful message is working
This is my update execute query and the else statement doesn't read and doesn't show error message. the username is unique so there should be a display of error message when I input a duplicate key from the database
<?php
session_start();
include("../../functions/connectDatabase.php");
if(isset($_POST['updateadviserdata']))
{
//get input
$id=$mysqli->real_escape_string($_POST['update_id']);
$fn=$mysqli->real_escape_string($_POST['fname']);
$mn=$mysqli->real_escape_string($_POST['mname']);
$ln=$mysqli->real_escape_string($_POST['lname']);
$un=$mysqli->real_escape_string($_POST['username']);
//Prepared Statement
$stmt = $mysqli->prepare("UPDATE users SET `firstname`= ?,`middlename`= ?, `lastname`= ?, `username` = ? WHERE `user_id` =?");
//function for user activity
$stmtUA = $mysqli->prepare("INSERT into history (activity,user_id,date_added)
VALUES ('update name',?,NOW() )");
//bind parameter
$stmt->bind_param("ssssi", $fn, $mn, $ln, $un, $id );
$stmtUA->bind_param("i", $id);
//execute query
if($stmt->execute() && $stmtUA->execute()){
$_SESSION['success']= "successfully change username";
header('Location: ../../adviseraccount.php');
} else {
$_SESSION['error'] ="Username already exists";
header('Location: ../../adviseraccount.php');
}
//close prepare statement
$stmt->close();
$stmtUA->close();
}
The success message is showing and working perfectly fine but the error message won't show and show me a fatal error instead what did I do wrong? I'm really new into prepared statement and i'm a beginner so I don't know if I'm doing it right, the username key from the table is set to unique and the error message is working fine before making it into prepared statement with this update execute query
I've tried the mysqli_errno == 1062 but it's not also working any help appreciated so much thank you I've been also trying everything I found on internet but still show the fatal error message
this is the connect database mysqli
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
DEFINE('HOST', 'localhost');
DEFINE('USERNAME','root');
DEFINE('PASSWORD', '');
DEFINE('DATABASE', 'mafuyu');
//create conncection string
$mysqli = new mysqli(HOST, USERNAME, PASSWORD, DATABASE);
//check connection
if ($mysqli->connect_error){
die("Connection failed:" . $mysqli->connect_error );
}
$mysqli->set_charset("utf8mb4");
NOTE: the success message is working properly when i change the username if there is no duplicate entry
Use $stmt->errno to get the SQL error code.
if($stmt->execute()){
$_SESSION['success']= "successfully change username";
} else{
if ($stmt->errno == 1062) {
$_SESSION['error'] ="Username already exists";
else {
$_SESSION['error'] = $stmt->error;
}
}
header('Location: ../../adviser account.php');
Since you're redirecting to the same URL in all cases, there's no need for that to be in the if/else statements.
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed last year.
I have an insert statement that is executed with PDO. Insert works great however if there is an error I would like it displayed to the user.
I have the below try-catch block.
try{
$insertuser = $db->prepare('INSERT INTO `she_she`.`Persons` (`idnumber`,`addedby`,`firstname`, `middlename`, `surname`, `fullname`, `gender`, `birthdate`, `homelanguage`, `department`, `employeetype`, `employeestatus`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)');
$insertuser->execute(array($idnumber,$user,$firstname, $middlename, $surname, $fullname, $gender, $birthdate, $language, $department, $employmenttype, $personstatus));
}
catch(PDOException $exception){
return $exception;
}
If the query fails, or let's say a duplicate IDNumber, I want this displayed to the user.
If I simply try to echo the variable $exception it does not work.
I want to return the MySQL error to the user.
By default PDO is not in a state that will display errors. you need to provide the following in your DB connection
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
More info can be seen Here
1.Add ERRMODE_EXCEPTION mode after your db connection:
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
2.And than you must use try{} catch{} method for all your mysql query. Like this:
try {
$SQL = "DELETE FROM items WHERE item_id=:item_id";
$m = $dbh->prepare($SQL);
$m->bindParam(':item_id', $item_id, PDO::PARAM_INT);
$m->execute();
//success
$return = "Your success message.";
}
catch (PDOException $e) {
//error
$return = "Your fail message: " . $e->getMessage();
}
You should use this:
return $exception->getMessage();
See the page on the documentation of Exception class:
http://www.php.net/manual/en/exception.getmessage.php
This question already has answers here:
How to prevent duplicate usernames when people register?
(4 answers)
Closed 12 months ago.
I want to take email addresses from users to add them to a mailing list. However, I want to prevent duplicate entries, so I am using the INSERT IGNORE approach. I am using the PHP script below, but constantly receive this error:
Fatal error: Uncaught Error: Call to a member function bind_param() on bool
I've reviewed a LOT of SO articles on this error but still can't get it to work. I have confirmed that the $email and $id variables do have values. I suspect the error must have something to do with the use of IGNORE, but I honestly don't know.
Here's my code:
$email = filter_input(INPUT_POST, 'email',FILTER_SANITIZE_EMAIL);
$id = filter_input(INPUT_POST, 'id',FILTER_VALIDATE_INT) ?: NULL;
$sqlQuery = 'INSERT IGRNORE INTO email(email, id) VALUES(:email,:id);';
$stmt = $dbc->prepare($sqlQuery);
$stmt->bind_param(':email',$email);
$stmt->bind_param(':id',$id);
$stmt->execute();
mysqli_close($dbc);
I've tried including only one variable for the insert but I get the error against both bind_param lines. I also got the error when I had this structured to have both variables in a single bind_param entry.
I'm open to other ways of avoiding duplicate emails in the database, so long as they can be done with a single PHP file.
You are mixing PDO and mysqli syntax. You need to pick one.
PDO
Open the connection, execute the statement without IGNORE, and then catch the exception to see why it failed. The code 1062 means that MySQL tried to insert a duplicate value.
$pdo = new PDO("mysql:host=localhost;dbname=test;charset=utf8mb4", 'user', 'pass', [
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
\PDO::ATTR_EMULATE_PREPARES => false
]);
try {
$stmt = $pdo->prepare('INSERT INTO email(email, id) VALUES(:email,:id)');
$stmt->execute([
'email' => $email,
'id' => $id
]);
} catch (PDOException $e) {
if ($e->errorInfo[1] === 1062) {
// duplicate
} else {
// If not 1062 then rethrow
throw $e;
}
}
mysqli
Using mysqli it's a little bit more work, but the same logic. With mysqli you can't use named placeholders and you can't bind-in-execute. The bind_param() function is very peculiar so pay special attention to the syntax.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'user', 'pass', 'test');
$mysqli->set_charset('utf8mb4'); // always set the charset
try {
$stmt = $mysqli->prepare('INSERT INTO email(email, id) VALUES(?, ?)');
$stmt->bind_param('ss', $email, $id);
$stmt->execute();
} catch (mysqli_sql_exception $e) {
if ($e->getCode() === 1062) {
// duplicate
} else {
// If not 1062 then rethrow
throw $e;
}
}
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 3 years ago.
This is my try statement
$query = "DELETEh FROM supers WHERE id = :id";
try {
$stmt = $conn->prepare($query);
$stmt->bindValue(':id', $id);
$stmt->execute();
$_SESSION['notification'] = "Hero was deleted sucessfully";
}
and this is the rest of the code
catch(PDOException $e) {
$_SESSION['notification'] = "There was an error deleting hero: " . $e->getMessage();
}
header("Location: notification.php");
exit;
when this runs, it tells me that the hero was deleted successfully, even though it did not because there is an extra "h" after DELETE. Could anyone explain why is this not getting into the catch block please?
Most likely you didn't do
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
when you opened the PDO connection. The default is PDO::ERRMODE_SILENT. $conn->prepare() will return FALSE and you need to get the reason from $conn->errorCode() or $conn->errorInfo().
This question already has answers here:
Reference — frequently asked questions about PDO
(3 answers)
Closed 9 years ago.
I'm trying to insert values to mysql database, but for some reason this is not working. I can get it to work with normal PHP but I have been told that PDO would be safer to use. This is the code I use, the values are posted to the php file, but not updated to mysql. What could be the reason for that?
<?php
include 'config.php';
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
// new data
$value1 = $_POST["value1"];
$value2 = $_POST["value2"];
$value3 = $_POST["value3"];
$value4 = $_POST["value4"];
// query
$sql = "INSERT INTO `database`.`table`
(`id`, `value1`, `value2`, `value3`, `value4`, `timeStamp`)
VALUES (NULL, ?, ?, ?, ?, CURRENT_TIMESTAMP)";
$q = $conn->prepare($sql);
$q->execute(array($value1, $value2, $value3, $value4));
?>
Change this line
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
to this
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
and use try catch on
try
{
$q->execute(array($value1, $value2, $value3, $value4));
}
catch(Exception $e)
{
echo $e->getMessage();
//other code to handle exception for example logging, rollback transaction if exists etc.
}
When you make these changes then PDO Exceptions will be thrown and you will see what problem is. With PDO exception you can do more to handle error, for example if you use transactions then you can in catch block rollback it.
You can use error_reporting(E_ALL); and display_errors with ini_set().
You can also use PDO::errorInfo
From manual:
PDO::errorInfo — Fetch extended error information associated with the last operation on the database handle
To see examples check this link
Check these links:
how to set display errors
info about exceptions
pdo exception