Here i am trying to insert the value to mysql table column,i have assigned a string value to variable and i am using that variable to insert value to mysql table column.
$userrrole = "vendor";
$query_new_user_insert = $this->db_connection->prepare('INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash, user_registration_ip, user_role, user_registration_datetime) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash, :user_registration_ip, :user_registration_ip, :user_role, now())');
$query_new_user_insert->bindValue(':user_name', $user_name, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_password_hash', $user_password_hash, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_role', $userrrole, PDO::PARAM_STR);
The problem here is that i am able to insert all other values other than :user_role. when i run this query i am not able to insert value of :user_role instead the value is replaced by default value specified in mysql setting.
how can i do this? how can i insert value of :user_role
You're using :user_registration_ip twice.
Fix the query as
INSERT INTO users (user_name, user_password_hash, user_email,
user_activation_hash, user_registration_ip,
user_role, user_registration_datetime)
VALUES (:user_name, :user_password_hash, :user_email,
:user_activation_hash, :user_registration_ip,
:user_role, now())
Related
I changed to another database with more columns. Nut now my register page doesn't work anymore. The tables all have default settings.
How can I let the query put all the data in the columns and use the defaults for other columns?
This is my query:
mysql_query("
INSERT INTO `users`
(`username`, `password`, `mail`, 'account_created', 'ip_last', 'ip_reg')
VALUES(
'".$naam."', '".$wachtwoord."', '".$email."',
'".$timestamp."', '".$ip."', '".$ip."'
)
");
It worked before, but now on this new database it doesn't work anymore. I didn't change my php version or something.
You can use variables in query strings without quotes.
By the way you should think about more secure -
PDO? What is this magic system
PDO Version:
$query = $db->prepare("INSERT INTO users(username, password, mail, account_created, ip_last, ip_reg) VALUES (?, ?, ?, ?, ?, ?)");
$query->execute(array($naam, $wachtwoord, $email, $timestamp, $ip, $ip));
Trash Version:
mysql_query("INSERT INTO users(username, password, mail, account_created, ip_last, ip_reg) VALUES ($naam, $wachtwoord, $email, $timestamp, $ip, $ip)");
Know the difference between back ticks and single quotes
mysql_query("
INSERT INTO `users` (`username`, `password`, `mail`, `account_created`, `ip_last`, `ip_reg`) VALUES('".$naam."', '".$wachtwoord."', '".$email."', '".$timestamp."', '".$ip."', '".$ip."')");
I am having a slight issue adding a record into the database.
For some reason it is not adding the record into the database.
I have a form in HTML and serialize it with jQuery to use in an AJAX request. I know this works as I used to use it with the old mysql commands.
This is what I have in the insert.php file:
$ln=($_POST['lastname']);
$fn=($_POST['firstname']);
$dob=($_POST['dob']);
$un=($_POST['username']);
$a1=($_POST['address1']);
$a2=($_POST['address2']);
$town=($_POST['town']);
$county=($_POST['county']);
$pc=($_POST['postcode']);
$country=($_POST['country']);
$lat=($_POST['lat']);
$lng=($_POST['lng']);
$lp=($_POST['landline']);
$mp=($_POST['mobile']);
$e1=($_POST['email1']);
$e2=($_POST['email2']);
$web=($_POST['web']);
$notes=($_POST['notes']);
$fb=($_POST['fbid']);
$tw=($_POST['twitter']);
$cat=($_POST['cat']);
$it=($_POST['Time']);
$idate=($_POST['Date']);
$iip=($_POST['ipaddress']);
$ib=($_POST['browser']);
$ios=($_POST['os']);
These are the posted values being used from the form.
I then have the following queries (I have 5 different ones as they are writing to 5 tables. As I say, this worked with the old mysql commands, but not the PDO commands.
$sqlp = $conn->prepare("INSERT INTO ".PERSON." (lastname, firstname, dob, adbkid) VALUES(:ln, :fn, :dob, :un)");
$sqlp->execute();
$idp = $conn->lastInsertId();
$sqla = $conn->prepare("INSERT INTO ".ADDRESS." (address1, address2, town, county, postcode, country, lat, lng, personID) VALUES (:a1, :a2, :town, :county, :pc, :country, :lat, :lng, :un)");
$sqla->execute();
$ida = $conn->lastInsertId();
$sqlc = $conn->prepare("INSERT INTO ".CONTACT." (landline, mobile, email1, email2, personID) VALUES (:lp, :mp, :e1, :e2, :un)");
$sqlc->execute();
$idc = $conn->lastInsertId();
$sqlm = $conn->prepare("INSERT INTO ".MISC." (web, notes, photo, fbid, twitter, cat, personID) VALUES (:web, :notes, :pic, :fb, :tw, :cat, :un)");
$sqlm->execute();
$idm = $conn->lastInsertId();
$sqlv = $conn->prepare("INSERT INTO ".VARI." (Time, Date, ipaddress, browser, os, personID) VALUES (:it, :idate, :ip, :ib, :ios, :un)");
$sqlv->execute();
$idv = $conn->lastInsertId();
$sqlp->bindValue(':ln', $ln);
$sqlp->bindValue(':fn', $fn);
$sqlp->bindValue(':dob', $dob);
$sqlp->bindValue(':un', $un);
$sqla->bindValue(':a1', $a1);
$sqla->bindValue(':a2', $a2);
$sqla->bindValue(':town', $town);
$sqla->bindValue(':county', $county);
$sqla->bindValue(':pc', $pc);
$sqla->bindValue(':country', $country);
$sqla->bindValue(':lat', $lat);
$sqla->bindValue(':lng', $lng);
$sqlc->bindValue(':lp', $lp);
$sqlc->bindValue(':mp', $mp);
$sqlc->bindValue(':e1', $e1);
$sqlc->bindValue(':e2', $e2);
$sqlm ->bindValue(':web', $web);
$sqlm ->bindValue(':notes', $notes);
$sqlm ->bindValue(':pic', $pic);
$sqlm ->bindValue(':fb', $fb);
$sqlm ->bindValue(':tw', $tw);
$sqlm ->bindValue(':cat', $cat);
$sqlv ->bindValue(':it', $it);
$sqlv ->bindValue(':idate', $idate);
$sqlv ->bindValue(':iip', $iip);
$sqlv ->bindValue(':ib', $ib);
$sqlv ->bindValue(':ios', $ios);
I have ran these with a try catch to see if I can figure out what is going on and I get the following error:
"SQLSTATE[HY093]: Invalid parameter number: no parameters were bound"
I have echoed out what is being put into each of the values and it corresponds with what I have in entered into the form.
I am also trying to echo out the last inserted ID's for each table and it isn't echoing that out.
I have had a look around Google and php.net and here and from what I read I am doing everything as they say I should be.
I am at a loss as to what is happening.
If you had any pointers they would be most welcome.
you have to bind the params first and then execute it
i.e:
$sqlp = $conn->prepare("INSERT INTO ".PERSON." (lastname, firstname, dob, adbkid) VALUES(:ln, :fn, :dob, :un)");
$sqlp->bindValue(':ln', $ln);
$sqlp->bindValue(':fn', $fn);
$sqlp->bindValue(':dob', $dob);
$sqlp->bindValue(':un', $un);
$sqlp->execute();
$idp = $conn->lastInsertId();
...
Still very new to php but learning quickly. I have two forms that gather data that is then passed to a php function. All the data from both forms is making it to the php file as I am echoing the values to be sure.
My issue is the first table is updated correctly without any issues but the second table is not updated.
Here is the code in question
private function registerNewUser($user_name, $user_email, $user_password, $user_password_repeat, $captcha, $user_type, $first_name)
....
// write new users data into database
$query_new_user_insert = $this->db_connection->prepare('INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash, user_registration_ip, user_registration_datetime, user_type) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash, :user_registration_ip, now(), :user_type)');
$query_new_user_insert->bindValue(':user_name', $user_name, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_password_hash', $user_password_hash, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_email', $user_email, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_activation_hash', $user_activation_hash, PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_registration_ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
$query_new_user_insert->bindValue(':user_type', $user_type, PDO::PARAM_STR);
$query_new_user_insert->execute();
// id of new user
$id = $this->db_connection->lastInsertId();
echo $first_name;
echo $user_email;
echo $id;
// attempt at writing to additional table
$this->db_connection->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
$query_new_user_insert2 = $this->db_connection->prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now() :id');
$query_new_user_insert2->bindValue(':first_name', $first_name, PDO::PARAM_STR);
$query_new_user_insert2->bindValue(':user_email', $user_email, PDO::PARAM_STR);
$query_new_user_insert2->bindValue(':id', $id, PDO::PARAM_INT);
$query_new_user_insert2->execute();
$query_new_user_insert works as the table is updated
$query_new_user_insert2 does not work as the table C_Customers contains no data.
On second query, you forgot to put comma between now() and :id. Also, you forgot to put closing bracket.
prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now() :id')
should be
prepare('INSERT INTO C_Customer (First_Name, Email_Address, Created_Date, id) VALUES(:first_name, :user_email, now(), :id)');
Another typo :) hope it helps.
I dont get any errors, but when I refresh my database nothing seems to be going through. The connection credentials are definitely correct.
$query = $pdo->prepare('INSERT INTO direct_transfer (fname, lname, add, city, post, country, email, nummag, donate) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array(':fname'=>$fname,
':lname'=>$lname,
':add'=>$add,
':city'=>$city,
':post'=>$post,
':country'=>$country,
':email'=>$email,
':nummag'=>$nummag,
':donate'=>$donate));
When you use reserved words in mysql, you need to escape them in backticks:
... (fname, lname, `add`, city, post, country, email, nummag, donate) ...
You should also add error handling so that PDO tells you right away what is wrong.
You can tell PDO to throw exceptions by adding this after you connect to the database:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can also set the error handling mode when you open the connection, see the manual.
Without ':' in the array.
$query = $pdo->prepare('INSERT INTO `direct_transfer` (`fname`, `lname`, `add`, `city`, `post`, `country`, `email`, `nummag`, `donate`) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array('fname'=>$fname,
'lname'=>$lname,
'add'=>$add,
'city'=>$city,
'post'=>$post,
'country'=>$country,
'email'=>$email,
'nummag'=>$nummag,
'donate'=>$donate));
I am having problems getting an sql query correct to update user profiles. I use (basically) the same query to INSERT the data and it works fine (just without the WHERE id=clientid and without clientid in the execute array. The query below does not update any data in the database.
I tested and made sure that all the variables are being posted and they are. As a sidenote, is this query safe from sql injection?
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Deal with the POST variables here...(excluded)
$sql = "UPDATE clients (firstname, lastname, origincountry, dob, gender, email, phone, address, postal, city, province, referred, notes)
VALUES (:firstname, :lastname, :origincountry, :dob, :gender, :email, :phone, :address, :postal, :city, :province, :referred, :notes)
WHERE id = :clientid" ;
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,
':lastname'=>$lastname,
':origincountry'=>$origincountry,
':dob'=>$dob,
':gender'=>$gender,
':email'=>$email,
':phone'=>$phone,
':address'=>$address,
':postal'=>$postal,
':city'=>$city,
':province'=>$province,
':referred'=>$referred,
':notes'=>$notes,
':clientid'=>$clientid));
Your SQL is invalid. See UPDATE. (thanks to #rambocoder for pointing that out).
Use this SQL:
UPDATE clients SET firstname = :firstname, lastname = :lastname, origincountry = :origincountry, dob = :dob, gender = :gender, email = :email, phone = :phone, address = :address, postal = :postal, city = :city, province = :province, referred = :referred, notes = :notes
WHERE id = :clientid