According to everything I've found and seen, this seems correct. When I print $query the outcome is the following:
"INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)"
The parameters should have been filled in with the variables in bindValues(). So, for example ...
INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (Bill, A, Hopkins, 123 Ave, ....)
I'd like to stick with this method - it is surrounded by a try/catch block. From printing the query variable out I can see that is where the issue is.
What am I missing? I really appreciate you looking!
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)';
echo $query;
$statement = $db->prepare($query);
$statement->bindValue(1, $firstName);
$statement->bindValue(2, $middle);
$statement->bindValue(3, $lastName);
$statement->bindValue(4, $address);
$statement->bindValue(5, $city);
$statement->bindValue(6, $state);
$statement->bindValue(7, $zip);
$statement->bindValue(8, $email);
$statement->bindValue(9, $gender);
$success = ($statement->execute());
We need more code considering the error but you can try this with prepared statements:
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (:firstName, :middle, :lastName, :address, :city, :state, :zip, :email, :gender)';
$statement = $db->prepare($sql);
$statement->execute(array(':firstName'=>$firstName, ':middle'=>$middle, ':lastName'=>$lastName, ':address'=>$address, ':city'=>$city, ':state'=>$state, ':zip'=>$zip, ':email'=>$email, ':gender'=>$gender));
Related
I'm getting the following error
Link to DBconfig.php ->
Link to code ->
Can you guys please help me ;)
thank you!
My code ->
<?php
include '../header.php';
include '../dbconfig.php';
if(isset($_POST['registreer'])){
$naam = $_POST['naam'];
$email = $_POST['email'];
$wachtwoord = $_POST['wachtwoord'];
$insert = $db->prepare("INSERT INTO klant(naam, adres, postcode, email, password)
values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
$insert->bindParam(':naam',$naam);
$insert->bindParam(':adres',$adres);
$insert->bindParam(':postcode',$postcode);
$insert->bindParam(':woonplaats',$woonplaats);
$insert->bindParam(':email',$email);
$insert->bindParam(':wachtwoord',$wachtwoord);
$insert->execute();
}
?>
values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
You have parameters :name and :pass but in your bindings you have spelled them in Dutch:
$insert->bindParam(':naam',$naam);
$insert->bindParam(':wachtwoord',$wachtwoord);
PDO doesn't know how to translate parameter names between English and Dutch. :-)
You are sending to many parameters.
$insert = $db->prepare("INSERT INTO klant(naam, adres, postcode, email, password) values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
You have the insert into " naam, adres, postcode, email and password" (that's 5)
And you are trying to insert 6 values.
"Name, adres, postcode, woonplaats, email and pass.
Sorry for the poor formating, I am on mobile.
I have two tables, user_info and Friend_info. I want to do that when user update his record in user_info then it should also b update in friend_info where friend_id=user_id. I have tried this
UPDATE user_info (name, user_email, Gender, DOB, contact, address) WHERE user_id='$user_id',
friends_info(name, user_email, Gender, DOB, contact, address) WHERE friend_id='$user_id'
values('$name', '$user_email', '$Gender', '$DOB', '$contact', '$address');
But its not working . Any other solution please. It'll be appreciated.
I know this question is too late to ask now a days but its my problem because i am confused after doing so many search and no query is working in my case.
Your question is not clear. So are you testing something like you want query in phpmyadmin. if not then you might need to do in as a transaction. but if its a test or such try this:
UPDATE user_info (name, user_email, Gender, DOB, contact, address)
values('$name', '$user_email', '$Gender', '$DOB', '$contact', '$address')
WHERE user_id='$user_id';
UPDATE friends_info(name, user_email, Gender, DOB, contact, address)
values('$name', '$user_email', '$Gender', '$DOB', '$contact', '$address')
WHERE friend_id='$user_id';
So this is two query which then they are gonna execute together. But now in PHP
check these:
https://stackoverflow.com/a/802474/2226796
http://se2.php.net/manual/en/mysqli.multi-query.php
PHP + MySQL transactions examples
You can join the two tables in your statement using user_id as the joining key.
UPDATE user_info ui
INNER JOIN friends_info fi
ON ui.user_id = fi.user_id
SET ui.name = $name,
SET ui.user_email = $email,
SET ui.Gender = $Gender,
SET ui.DOB = $DOB,
SET ui.contact = $contact,
SET ui.address = $address,
-- set friends_info
SET fi.name = $name,
SET fi.user_email = $email,
SET fi.Gender = $Gender,
SET fi.DOB = $DOB,
SET fi.contact = $contact,
SET fi.address = $address
WHERE ui.user_id = $user_id;
I will admit I am a newbie when it comes to PDO, but I have to change over a form that is in mysql.. I am getting connection, but nothing inserted.. I am truly stuck and feel like an idiot because I know it is something simple I am missing
I have tried having the arrays above and after the insert.. Neither work
Any help would be appreciated
Here is my code:
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make, Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES ('', '$pin', '$year', '$make', '$model', '$mileage', '$first', '$last', '$phone', '$email', '1234' )");
$STH->bindParam(':PIN', $_POST['pin']);
$STH->bindParam(':Year', $_POST['year']);
$STH->bindParam(':Make', $_POST['make']);
$STH->bindParam(':Model', $_POST['model']);
$STH->bindParam(':Mileage', $_POST['mileage']);
$STH->bindParam(':FirstName', $_POST['first']);
$STH->bindParam(':LastName', $_POST['last']);
$STH->bindParam(':Phone', $_POST['phone']);
$STH->bindParam(':Email', $_POST['email']);
$STH->execute();
Get rid of the dollar signs and quotes in your query values:
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make,
Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES (null, :PIN, :Year, :Make, //and so on....
Also note, assuming ID is an auto incrementing field, just insert null
VALUES (null, :PIN,
Finally, if you're pulling from the post array, I'd use bindValue over bindParam
I dont get any errors, but when I refresh my database nothing seems to be going through. The connection credentials are definitely correct.
$query = $pdo->prepare('INSERT INTO direct_transfer (fname, lname, add, city, post, country, email, nummag, donate) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array(':fname'=>$fname,
':lname'=>$lname,
':add'=>$add,
':city'=>$city,
':post'=>$post,
':country'=>$country,
':email'=>$email,
':nummag'=>$nummag,
':donate'=>$donate));
When you use reserved words in mysql, you need to escape them in backticks:
... (fname, lname, `add`, city, post, country, email, nummag, donate) ...
You should also add error handling so that PDO tells you right away what is wrong.
You can tell PDO to throw exceptions by adding this after you connect to the database:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can also set the error handling mode when you open the connection, see the manual.
Without ':' in the array.
$query = $pdo->prepare('INSERT INTO `direct_transfer` (`fname`, `lname`, `add`, `city`, `post`, `country`, `email`, `nummag`, `donate`) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array('fname'=>$fname,
'lname'=>$lname,
'add'=>$add,
'city'=>$city,
'post'=>$post,
'country'=>$country,
'email'=>$email,
'nummag'=>$nummag,
'donate'=>$donate));
I am having problems getting an sql query correct to update user profiles. I use (basically) the same query to INSERT the data and it works fine (just without the WHERE id=clientid and without clientid in the execute array. The query below does not update any data in the database.
I tested and made sure that all the variables are being posted and they are. As a sidenote, is this query safe from sql injection?
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Deal with the POST variables here...(excluded)
$sql = "UPDATE clients (firstname, lastname, origincountry, dob, gender, email, phone, address, postal, city, province, referred, notes)
VALUES (:firstname, :lastname, :origincountry, :dob, :gender, :email, :phone, :address, :postal, :city, :province, :referred, :notes)
WHERE id = :clientid" ;
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,
':lastname'=>$lastname,
':origincountry'=>$origincountry,
':dob'=>$dob,
':gender'=>$gender,
':email'=>$email,
':phone'=>$phone,
':address'=>$address,
':postal'=>$postal,
':city'=>$city,
':province'=>$province,
':referred'=>$referred,
':notes'=>$notes,
':clientid'=>$clientid));
Your SQL is invalid. See UPDATE. (thanks to #rambocoder for pointing that out).
Use this SQL:
UPDATE clients SET firstname = :firstname, lastname = :lastname, origincountry = :origincountry, dob = :dob, gender = :gender, email = :email, phone = :phone, address = :address, postal = :postal, city = :city, province = :province, referred = :referred, notes = :notes
WHERE id = :clientid