I am trying to run the following in PHP:
$stmt = $db_con->prepare("SELECT * FROM users WHERE email=:email");
$stmt->execute(array(":email"=>$user_email));
$count = $stmt->rowCount();
if($count==0){
$stmt = $db_con->prepare("INSERT INTO users(username,email,password,ip)VALUES(:uname, :email, :password, :ip)");
$stmt->bindParam(":username",$username);
$stmt->bindParam(":email",$useremail);
$stmt->bindParam(":password",$hasheduserpassword);
$stmt->bindParam(":ip",$userip);
As a result, I get the following error:
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
In the query you are defining uname while setting a parameter called username.
Try:
$stmt = $db_con->prepare("INSERT INTO users(username,email,password,ip)VALUES(:username, :email, :password, :ip)");
Your error lies here
$stmt = $db_con->prepare("INSERT INTO users(username,email,password,ip)VALUES(:uname, :email, :password, :ip)");
// $stmt->bindParam(":username",$username);// this should be uname
$stmt->bindParam(":uname",$username);
Error is here:
VALUES(:uname,
$stmt->bindParam(":username",$username);
MySQL is looking for :username but it cannot find it because you named it :uname.
Both must match.
Related
I'm trying to insert data into a database but I always get an error.
What am I doing wrong?
// Enter the new user in the database
$sql = "INSERT INTO policajt (meno, priezvisko, cislo_odznaku) VALUES (:fname, :lname, :co)";
$stmt = $conn->prepare($sql);
$sql = "INSERT INTO users (policajt_id, username, heslo) VALUES (LAST_INSERT_ID(), :username, :password)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':fname', $_POST['fname'], PDO::PARAM_STR);
$stmt->bindParam(':lname', $_POST['lname'], PDO::PARAM_STR);
$stmt->bindParam(':co', $_POST['co'], PDO::PARAM_STR);
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
if( $stmt->execute()):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
When I run code, I get this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter
number: number of bound variables does not match number of tokens
Any help would be greatly appreciated. Thank you in advance!
In your insert statement you are not specifying the tokens for all fields that you want to do an insert for.
INSERT INTO policajt (meno, priezvisko, cislo_odznaku) VALUES (:fname, :lname, :co)
should be
INSERT INTO policajt (meno, priezvisko, cislo_odznaku) VALUES (:meno, :fname, :lname, :co)
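Both HY093 errors above are about the names in the statement held by $stmt versus the names passed to bindParam(). As an added example (not code from any of the posts; placeholderDiff() is a hypothetical helper, not a PDO function), the check below lists the names on each side for the first question's INSERT and for the second question's code, where $stmt holds the second INSERT by the time the five binds run:

```php
<?php
// Added example: placeholderDiff() is a hypothetical helper, not a PDO API.
function placeholderDiff(string $sql, array $boundNames): array
{
    // Blank out single-quoted literals so a ':' inside data is not counted.
    $stripped = preg_replace("/'(?:[^']|'')*'/", "''", $sql);
    // (?<!:) skips the second colon of a '::' cast.
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $stripped, $m);
    $inSql = array_unique($m[1]);
    $bound = array_map(fn($n) => ltrim($n, ':'), $boundNames);
    return [
        'in_sql_not_bound' => array_values(array_diff($inSql, $bound)),
        'bound_not_in_sql' => array_values(array_diff($bound, $inSql)),
    ];
}

// Statements and bind names copied from the two questions above.
$cases = [
    'users insert' => [
        "INSERT INTO users(username,email,password,ip)VALUES(:uname, :email, :password, :ip)",
        [':username', ':email', ':password', ':ip'],
    ],
    // $stmt was overwritten by the second prepare(), so all five binds hit this SQL.
    'second prepare' => [
        "INSERT INTO users (policajt_id, username, heslo) VALUES (LAST_INSERT_ID(), :username, :password)",
        [':fname', ':lname', ':co', ':username', ':password'],
    ],
];

foreach ($cases as $label => [$sql, $names]) {
    $diff = placeholderDiff($sql, $names);
    printf("%s\n  in SQL, not bound: %s\n  bound, not in SQL: %s\n",
        $label,
        implode(', ', $diff['in_sql_not_bound']) ?: '(none)',
        implode(', ', $diff['bound_not_in_sql']) ?: '(none)');
}
```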
Afternoon,
Currently I am writing a program that allows an admin to update the members database.
My code is as follows:
$member_id = $formdata['update'];
$surname = $formdata['surname'];
$other_name = $formdata['othername'];
$contactmethod = $formdata['contactmethod'];
$email = $formdata['email'];
$mobilenum = $formdata['mobilenum'];
$phonenum = $formdata['phonenum'];
$occupation = $formdata['occupation'];
$userpass = $formdata['userpass'];
if(!isset($formdata['magazine']))
$magazine = 0;
else
$magazine = 1;
//Get ready to talk to the DB
$db = getDBConnection();
//Make a prepared query so that we can use data binding and avoid SQL injections.
$insertUser = $db->prepare('INSERT into member VALUES
(:surname, :other_name, :contact_method,
:email, :mobile, :landline, :magazine, :street,
:suburb, :postcode, :password,
:occupation) WHERE member_id=$member_id');
//Bind the data from the form to the query variables.
//Doing it this way means PDO sanitises the input which prevents SQL injection.
$insertUser->bindParam(':surname', $surname, PDO::PARAM_STR);
$insertUser->bindParam(':other_name', $other_name, PDO::PARAM_STR);
$insertUser->bindParam(':contact_method', $contactmethod, PDO::PARAM_STR);
$insertUser->bindParam(':email', $email, PDO::PARAM_STR);
$insertUser->bindParam(':mobile', $mobilenum, PDO::PARAM_STR);
$insertUser->bindParam(':landline', $phonenum, PDO::PARAM_STR);
$insertUser->bindParam(':magazine', $magazine, PDO::PARAM_INT);
$insertUser->bindParam(':street', $streetaddr, PDO::PARAM_STR);
$insertUser->bindParam(':suburb', $suburbstate, PDO::PARAM_STR);
$insertUser->bindParam(':postcode', $postcode, PDO::PARAM_INT);
$insertUser->bindParam(':password', $userpass, PDO::PARAM_STR);
$insertUser->bindParam(':occupation', $occupation, PDO::PARAM_STR);
Current error is within WHERE member_id=$member_id
I have no idea what the error is and how to fix it.
Any tips?
Try using an UPDATE.
'UPDATE member SET surname = :surname, other_name = :other_name, contact_method = :contact_method,
email = :email, mobile = :mobile, landline = :landline, magazine = :magazine, street = :street,
suburb = :suburb, postcode = :postcode, password = :password,
occupation = :occupation WHERE member_id = :member_id'
Additionally, bind another param for member_id, otherwise there isn't much point in doing the others.
$insertUser->bindParam(':member_id', $member_id, PDO::PARAM_INT);
I'm attempting to update a table in a database using PDO. At present I'm submitting the form and getting nothing but a white screen. I've enabled all error reporting options and still get nothing but a white screen. I've been staring at the code for what feels like a lifetime and still can't resolve the issue. A push in the right direction would be much appreciated. Thanks
require('includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
$signedin = $_SESSION['username'];
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = $signedin";
$stmt = $db->prepare($sql);
$stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);
$stmt->bindParam(':lastname', $_POST['$lastname'], PDO::PARAM_STR);
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
// use PARAM_STR although a number
$stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
$stmt->bindParam(':age', $_POST['age'], PDO::PARAM_STR);
$stmt->bindParam(':country', $_POST['country'], PDO::PARAM_INT);
$stmt= $db->execute($sql);
?>
The execute() function doesn't need the $sql (you provided that in prepare())
$stmt->execute();
Next, you should pass all your data into your prepared statement, otherwise you're defeating the purpose (which is maximum security). So let's remove
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = :username";
//snip
$stmt->bindParam(':username', $_SESSION['username'], PDO::PARAM_STR);
You need the quotes in your where clause.
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = '$signedin'";
Also, it's better to update by id since it's unique.
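As an added example (not code from any of the answers), the UPDATE below binds every value including the WHERE key, gives that key its own placeholder name, and enables PDO::ERRMODE_EXCEPTION so a failed statement raises a PDOException that can be logged. The in-memory SQLite database, the cut-down member table, the updateMember() helper and the sample values are assumptions made so the block runs offline:

```php
<?php
// Added example, not the posters' code. In-memory SQLite and a constructed
// `member` table stand in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw

$db->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                                email TEXT, country TEXT)');
$db->exec("INSERT INTO member (username, email, country) VALUES
           ('alice', 'alice@example.test', 'NZ'),
           ('bob',   'bob@example.test',   'AU')");

function updateMember(PDO $db, string $current, array $form): int
{
    // The lookup key has its own placeholder: one placeholder name cannot
    // carry both the new username and the username being searched for.
    $stmt = $db->prepare('UPDATE member
                             SET username = :username, email = :email, country = :country
                           WHERE username = :current');
    $stmt->bindValue(':username', $form['username'], PDO::PARAM_STR);
    $stmt->bindValue(':email',    $form['email'],    PDO::PARAM_STR);
    $stmt->bindValue(':country',  $form['country'],  PDO::PARAM_STR);
    $stmt->bindValue(':current',  $current,          PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows the UPDATE touched
}

$form = ['username' => 'alice2', 'email' => 'a2@example.test', 'country' => 'NZ'];

// Constructed hostile key: as bound data it is only compared against the
// username column, so it cannot change which rows the WHERE clause selects.
$hostile = "x' OR '1'='1";
echo updateMember($db, $hostile, $form), " row(s) for hostile key\n";
echo updateMember($db, 'alice', $form), " row(s) for real key\n";

try {
    // Constructed failure: the column does not exist.
    $db->prepare('UPDATE member SET nosuchcol = :v WHERE id = :id');
} catch (PDOException $e) {
    // The failure arrives as an exception that can be logged server-side.
    error_log('DB error ' . $e->getCode() . ': ' . $e->getMessage());
    echo "statement rejected\n";
}
```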
I have tried lots of ways to get the last inserted ID with the code below (snippet from larger class) and now I have given up.
Does anyone know how to get PDO lastInsertId to work?
Thanks in advance.
$sql = "INSERT INTO auth (surname, forename, email, mobile, mobilepin, actlink, regdate) VALUES (:surname, :forename, :email, :mobile, :mobpin, :actlink, NOW())";
$stmt = $this->dbh->prepare($sql);
if(!$stmt) {
return "st";
}
$stmt->bindParam(':surname', $this->surname);
$stmt->bindParam(':forename', $this->forename);
$stmt->bindParam(':email', $this->email);
$stmt->bindParam(':mobile', $this->mobile);
$stmt->bindParam(':mobpin', $this->mobilePin);
$stmt->bindParam(':actlink', $this->actlink);
$result = $stmt->execute();
//return var_dump($result);
$arr = array();
$arr = $stmt->errorInfo();
$_SESSION['record'] = 'OK' . $dbh->lastInsertId();
$arr .= $_SESSION['record'];
return $arr;
In your code snippet, I saw some minor inconsistencies that may have an effect on the problem. For example, in the code to prepare your SQL statement you use,
$stmt = $this->dbh->prepare($sql);
Notice the $this keyword. Then to retrieve the ID, you call,
$dbh->lastInsertId();
Have you tried using,
$this->dbh->lastInsertId();
I want to insert the time of user's registration:
function InsertUserToSql()
...
$stmt = $this->dbh->prepare("INSERT INTO users
(username, password, email, regdate) VALUES
(:username,:password, :email, :regdate)");
$stmt->bindParam(':username', $this->Username);
$stmt->bindParam(':password', $this->Password);
$stmt->bindParam(':email', $this->Email);
$stmt->bindParam(':regdate', time()); // this line shows the error
$stmt->execute();
...
Error: Strict standards: Only variables should be passed by reference
$stmt = $this->dbh->prepare("INSERT INTO users
(username, password, email, regdate) VALUES
(:username,:password, :email, UNIX_TIMESTAMP())");
As for the error message - it's pretty googlable.
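bindParam() takes its second argument by reference, which is why the return value of time() cannot be passed to it. As an added example (not from the posts; the in-memory SQLite table and sample values are constructed), this shows bindValue() accepting an expression and bindParam() reading its variable only when execute() runs:

```php
<?php
// Added example: in-memory SQLite and a two-column users table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, regdate INTEGER)');

$stmt = $db->prepare('INSERT INTO users (username, regdate)
                      VALUES (:username, :regdate)');

// bindValue() copies the value at call time, so an expression is accepted.
$stmt->bindValue(':regdate', time(), PDO::PARAM_INT);

// bindParam() stores a reference to $name and reads it inside execute().
$name = 'first';
$stmt->bindParam(':username', $name, PDO::PARAM_STR);
$name = 'second';   // changed after binding, before execute()
$stmt->execute();

$row = $db->query('SELECT username, regdate FROM users')->fetch(PDO::FETCH_ASSOC);

// The stored username is the value $name held when execute() ran.
var_dump($row['username'] === 'second');
// regdate was fixed when bindValue() was called.
var_dump(is_numeric($row['regdate']) && (int) $row['regdate'] <= time());
```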