Using array implode for building insert query - php

I am following tutorials for user registration. This is how I am trying to build the query using implode:
if(isset($_POST['submit'])){
$registration_data= array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'password_again' => $_POST['password_again'],
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email']
);
register_user($registration_data);
}
function register_user($registration_data){
global $connect;
$data=implode(',', $registration_data).'}';
$fields= implode(",", array_keys($registration_data));
Now I have to build the query like this:
$query=INSERT INTO users ($fields) VALUES($data);
// I want data to be formatted like this '{$username}', '{$password}',
How can I do it in the above-mentioned implode functions?
Note: I am just following some basic tutorials so not worried about PDO/ injections etc

You need to put quotes around all the data values before you implode them:
$data = implode(',', array_map(function($x) {
return "'" . $x . "'";
}, $registration_data));
$fields = implode(',', array_keys($registration_data));
$query = "INSERT INTO users ($fields) VALUES ($data)";

Especially if you are just learning on how to do this, you should learn to do them right from the beginning.
You really don't need to use implode() with prepared statements. Just use PDO::prepare() and pass the array to PDOStatement::execute. Pseudo code is along the lines of:
$registration_data= array(
':username' => $_POST['username'],
':password' => $_POST['password'],
':password_again' => $_POST['password_again'],
':first_name' => $_POST['first_name'],
':last_name' => $_POST['last_name'],
':email' => $_POST['email']
);
$sql='INSERT INTO yourtable VALUES (:username, :password, :password_again, :first_name, :last_name, :email);';
$qry=$yourpdoconn->prepare($sql);
$qry->execute($registration_data);
Please note that you still need to handle your errors and everything else, but that's the gist of it. mysqli_* can do the same with prepared statements so you aren't necessarily stuck with PDO either.
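
The two answers above combined, as an added example that is not part of the original thread: implode() builds the column list and the placeholder list, while the values are bound instead of quoted by hand, so a value such as O'Brien cannot break the statement. The helper insert_row(), the column allow-list and the in-memory SQLite table are assumptions made for illustration, and the pdo_sqlite driver is assumed to be installed.

```php
<?php
// Added example: a parameterized INSERT built from an array with implode().
// insert_row(), $allowed and the SQLite table are hypothetical names.
function insert_row(PDO $pdo, string $table, array $row, array $allowed): int
{
    // Column names cannot be bound as parameters, so only keys found on a
    // fixed allow-list are ever interpolated into the SQL text.
    $unknown = array_diff(array_keys($row), $allowed);
    if ($row === [] || $unknown !== []) {
        throw new InvalidArgumentException('Empty row or unexpected column(s): ' . implode(', ', $unknown));
    }
    $fields       = implode(', ', array_keys($row));
    $placeholders = implode(', ', array_map(fn($c) => ':' . $c, array_keys($row)));
    $params       = [];
    foreach ($row as $column => $value) {
        $params[':' . $column] = $value;
    }
    // $table is chosen by the developer, never taken from the request.
    $stmt = $pdo->prepare("INSERT INTO $table ($fields) VALUES ($placeholders)");
    $stmt->execute($params);   // values travel as bound parameters, not SQL text
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);  // errors throw instead of failing silently
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, first_name TEXT, last_name TEXT, email TEXT)');

// Constructed sample input standing in for $_POST.
$post = [
    'username'       => "pat.o'brien",
    'password'       => 'correct horse battery',
    'password_again' => 'correct horse battery',
    'first_name'     => 'Pat',
    'last_name'      => "O'Brien",
    'email'          => 'pat@example.test',
];
if ($post['password'] !== $post['password_again']) {
    exit("Passwords do not match\n");
}
unset($post['password_again']);   // the confirmation field is not a column
$post['password'] = password_hash($post['password'], PASSWORD_DEFAULT);

insert_row($pdo, 'users', $post, ['username', 'password', 'first_name', 'last_name', 'email']);
// The apostrophes are stored verbatim; with hand-quoted values they would end the string early.
print_r($pdo->query('SELECT username, last_name FROM users')->fetchAll(PDO::FETCH_ASSOC));
```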

Related

Insert into a database a single string value of a randomized array

I have this code:
$possible_pics = array(
'red-pfp' => 'teem-pfp-red.svg',
'pink-pfp' => 'teem-pfp-pink.svg',
'blue-pfp' => 'teem-pfp-blue.svg',
'green-pfp' => 'teem-pfp-green.svg',
'purple-pfp' => 'teem-pfp-purple.svg',
'yellow-pfp' => 'teem-pfp-yellow.svg',
'orange-pfp' => 'teem-pfp-orange.svg',
);
shuffle($possible_pics);
echo reset($possible_pics);
The result of it, I want to insert it into a database this way:
$sentence = $connection->prepare("
INSERT INTO users (id, user, pass, email, profile_pic) VALUES (:id, :user, :password, :email, :profile_pic)
");
$sentence->execute(array(
':id' => $user_id,
':user' => $user,
':password' => $password,
':email' => $email,
':profile_pic' => $possible_pics
));
At this point I have already connected to the database, I'm just doing the SQL code.
As you can see, I am inserting the values into the database through an array, and in the part of :profile_pic, I am saying that I want to insert the result of the first code I added to my question, where I am shuffling the array and it only brings us 1 value. The problem here is that when I run this, it shows this:
Notice: Array to string conversion on line 73
Why is this happening and how can I make so it inserts the value of the randomized array? Where I do that, it works perfectly, and it returns effectively only 1 value. I can't do an implode() because it marks, unexpected implode().
In summary, how can I insert into a database the returned value of the randomized array I showed at the beginning of my question?

Just assign the output of the reset() function to a variable and use it in your insert statement.
shuffle($possible_pics);
$shuffledPic = reset($possible_pics);
...
$sentence->execute(array(
':id' => $user_id,
':user' => $user,
':password' => $password,
':email' => $email,
':profile_pic' => $shuffledPic
));

Inserting placeholders and radio button in SQL table

I have a problem I can't seem to solve.
$query = 'INSERT INTO members (username,password,email,active,owner_service) VALUES ( )';
$stmt = $db->prepare($query);
$stmt->bind_param( );
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion,
'"$owner_service"' => $POST_['owner_service']
));
'username, password, email and active' are all placeholders but 'owner_service' is a radio button and I don't know how to write it in code if I want to insert it into my table. Do I use ' :xx ' for the placeholders and ' ? ' for my radio button? So the code will look like
(:username, :password, :email, :active, ?)
and in the bind_param write
('$owner_service') ?

PDO how to treat param variable that can be empty

I have a prepared statement and params with variables, but it's possible that some of these variables may be empty, and it gives me an error. How can I make the code SKIP the empty param?
CODE:
$stmt = $conn->prepare("insert into account (accountID, firstName, imageURL, sex, cat1) VALUES (:accountID, :firstName, :sourcefilename, :sex, :cat1)");
$stmt->execute(array(
':accountID' => $accountID,
':firstName' => $first_name,
':sourcefilename' => $sourcefilename,
':sex' => $gender,
':cat1' => $cat1));

PDO Invalid parameter number: number of bound variables does not match number of tokens

I have three ":" (names)
$q = $db->prepare('INSERT INTO '.PRFX.'u
(phone,mail,lvl,regdate,act_lnk,joined,name,first_time)
VALUE(:phone,:mail,0,"'.time().'","'.md5(uniqid(mt_rand(),1)).'","'.DATETIME.'",:name,1)');
$q->execute(
array(
'phone'=>$_POST['phone'],
'mail'=>$_POST['mail'],
'name'=>$_POST['name']
)
);
And they're matched. So why do I get the error?

I guess it should be
array(
':phone'=>$_POST['phone'],
':mail'=>$_POST['mail'],
':name'=>$_POST['name']
)
You cannot mix named parameters and real values inside the prepare() method like you do by using 0, time() and other PHP functions.
The prepare() method needs to be free from real values because the DBMS doesn't expect any and won't parse the query. It only creates an execution plan of the query. Your code should look like this:
$q = $db->prepare('INSERT INTO ' . PRFX . 'u
(phone,mail,lvl,regdate,act_lnk,joined,name,first_time)
VALUE(:phone,:mail,:lvl,:regDate,:actLink,:joined,:name,:firstTime)');
$q->execute(
array(
':phone' => $_POST['phone'],
':mail' => $_POST['mail'],
':name' => $_POST['name'],
':lvl' => 0,
':regDate' => time(),
':actLink' => md5(uniqid(mt_rand(),1)),
':joined' => DATETIME,
':firstTime' => 1
)
);
You should also check that the $_POST variables you are going to use are set, non-empty and have the expected type of value.
Furthermore, I recommend using bindValue() for binding the values to the query. Then you can also define the variable type:
$q->bindValue(':phone', $_POST['phone'], PDO::PARAM_STR);
$q->bindValue(':regDate', time(), PDO::PARAM_INT);
...
$q->execute();

PDO prepared statement with placeholder not work

I have some problems with executing a PDO statement.
No error, just nothing happens. The code looks like:
$stmt = $dbh->prepare("INSERT INTO `member_accounts` ('firstname','lastname','email','password') VALUES (:fname,:lname,:e,:pw)");
$arr = array(
':fname' => $_POST['firstname'],
':lname' => $_POST['lastname'],
':e' => $_POST['email'],
':pw' => $_POST['password'],
);
$stmt->execute($arr);
Anyone see the problem? I'm too new at PDO. Thanks

Remove the single quotes here
('firstname','lastname','email','password')
The right statement will be
$stmt = $dbh->prepare("INSERT INTO `member_accounts` (firstname,lastname,email,password) VALUES (:fname,:lname,:e,:pw)");
You can also use backticks (`) with column names, but not single quotes.
$stmt = $dbh->prepare("INSERT INTO `member_accounts` (`firstname`,`lastname`,`email`,`password`) VALUES (:fname,:lname,:e,:pw)");

Use the following code:
$sql="INSERT INTO `member_accounts`
(firstname,lastname,email,password) VALUES
(:fname,:lname,:e,:pw)";
$stmt = $dbh->prepare($sql);
// $stmt is false if an error occurs
if($stmt)
{
$arr = array(
':fname' => $_POST['firstname'],
':lname' => $_POST['lastname'],
':e' => $_POST['email'],
':pw' => $_POST['password'],
);
$stmt->execute($arr);
}
