In my PDO statement I am using the following method to insert data into SQL:
//insert into database with a prepared statement
$stmt = $db->prepare('INSERT INTO members (username,password,email,active) VALUES (:username, :password, :email, :active)');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion
));
My problem is I get a warning message saying: Don't access superglobal variable $_POST directly
After googling, I found this solution: filter_input(INPUT_POST, 'var_name') instead of $_POST['var_name']
but this is for PHP.
Is there any method for PDO? How do I replace $_POST and $_GET in PDO?
PDO is not a different language. It is a PHP extension used to connect and operate on a datasource.
You can use filter_input(INPUT_POST, 'username') without a problem in the code you have there.
$stmt = $db->prepare('INSERT INTO members (username,password,email,active) VALUES (:username, :password, :email, :active)');
$stmt->execute(array(
':username' => filter_input(INPUT_POST, 'username'),
':password' => $hashedpassword,
':email' => filter_input(INPUT_POST, 'email'),
':active' => $activasion
));
This should work just fine, but I don't see why you can't just access $_POST directly; I can't see a problem with it.
The filter_input(INPUT_POST, 'username') instead of $_POST['username'] should work.
Use the $_POST values in a variable:
$stmt = $db->prepare('INSERT INTO members (username,password,email,active) VALUES (:username, :password, :email, :active)');
$username = $_POST['username'];
$email = $_POST['email'];
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':active' => $activasion
));
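An added example, not taken from any of the posts above: filter_input() without a filter argument returns the raw value, so this version passes a validation filter and still binds every value. registerMember() and the in-memory SQLite table are assumptions made so the script runs offline; filter_var() on a constructed array stands in for filter_input(INPUT_POST, ...).

```php
<?php
declare(strict_types=1);

// Added example. registerMember() is a hypothetical helper; the members table
// matches the question. In a request handler, the filter_var() call below is
// filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL).
function registerMember(PDO $db, array $in): int
{
    $username = trim((string)($in['username'] ?? ''));
    $email    = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = (string)($in['password'] ?? '');

    // Validation decides whether the value is acceptable to the application.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    if ($email === false) {
        throw new InvalidArgumentException('invalid email');
    }

    // Binding keeps the value out of the SQL text, whatever it contains.
    $stmt = $db->prepare(
        'INSERT INTO members (username, password, email, active)
         VALUES (:username, :password, :email, :active)'
    );
    $stmt->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT),
        ':email'    => $email,
        ':active'   => 'no',
    ]);
    return (int)$db->lastInsertId();
}

// Constructed demo on in-memory SQLite (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT, active TEXT)');

// This address passes FILTER_VALIDATE_EMAIL and still contains a quote.
$id = registerMember($db, ['username' => 'alice_01', 'email' => "o'brien@example.com", 'password' => 'correct horse']);
echo "inserted row $id: ", $db->query('SELECT email FROM members')->fetchColumn(), "\n";

try {
    registerMember($db, ['username' => 'bob', 'email' => 'not-an-email', 'password' => 'long enough']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```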
Related
I have a form that has a hidden field (the date). I want this data to be inserted with the note that is submitted as well. I only have 3 columns in my table: ID, Note_id and Note.
So if a user submits a note, the insert statement should add the date in front of the note.
My Current SQL Statement:
$pdoOptions = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_EMULATE_PREPARES => false
);
$pdo = new PDO("mysql:host=" . MYSQL_HOST . ";dbname=" . MYSQL_DATABASE, MYSQL_USER,MYSQL_PASSWORD,$pdoOptions);
$data = [
'notes' => $_POST['notes'],
'id' => $_POST['rowID'],
'date2' => $_POST['date'],
];
$sql = "INSERT INTO notes (note_id, note) Values(:id, :notes)";
$stmt= $pdo->prepare($sql);
$stmt->execute($data);
My thought was I could add the :date2 to this, but it does not seem to work:
$pdoOptions = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_EMULATE_PREPARES => false
);
$pdo = new PDO("mysql:host=" . MYSQL_HOST . ";dbname=" . MYSQL_DATABASE, MYSQL_USER,MYSQL_PASSWORD,$pdoOptions);
$data = [
'notes' => $_POST['notes'],
'id' => $_POST['rowID'],
'date2' => $_POST['date'],
];
$sql = "INSERT INTO notes (note_id, note) Values(:id, :date '-' :notes)";
$stmt= $pdo->prepare($sql);
$stmt->execute($data);
What's the best method of doing this? I know I can have another column but I don't want that structure. The way it is displayed on the user's side needs to be like this.
Thank you
Use CONCAT()
// The placeholder name must match the key in $data (date2, not date)
$sql = "INSERT INTO notes (note_id, note) Values(:id, CONCAT(:date2,'-',:notes))";
This will work
I'm trying to implement a verification email process to my website but I got an error
Fatal error: Uncaught Error: Call to a member function execute() on
bool in :56 Stack trace: #0 {main} thrown in on line 56
Here is my code:
$user_activation_code = md5(rand());
// Nuevo Usuario
$hashed = password_hash($password,PASSWORD_DEFAULT);
$insert_query = 'INSERT INTO clientes (full_name,email,user_activation_code,user_email_status,password,permissions,street,numero,interior,city,state,zip_code,country) VALUES ("$name","$email","$user_activation_code",:user_email_status,"$hashed",cliente,"$street","$numero","$interior","$city","$state","$zip_code",Mexico)';
$statement = $db->prepare($insert_query);
$statement -> execute(
array(
'full_name' => $_POST['name'],
'email' => $_POST['email'],
'password' => $hashed,
'user_activation_code' => $user_activation_code,
':user_email_status' => 'no verificado'
)
);
$result = $statement->fetchAll();
You need to properly bind your array to the query.
To use an associative array with PDO, you need to have the values in both the query string and the same values in your keys.
$insert_query = 'INSERT INTO clientes (full_name,email,user_activation_code,user_email_status,password,permissions,street,numero,interior,city,state,zip_code,country) VALUES (:full_name,:email,:user_activation_code,:user_email_status,:password,"cliente","$street","$numero","$interior","$city","$state","$zip_code","Mexico")';
array(
':full_name' => $_POST['name'],
':email' => $_POST['email'],
':password' => $hashed,
':user_activation_code' => $user_activation_code,
':user_email_status' => 'no verificado'
)
Please also bind your other values such as: $city, $state etc.
I'm trying to insert the date when a user registers, but it doesn't work. It didn't insert anything when I added NOW() to the query. If I remove it, the user is added to the database.
This is normal query
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,active) VALUES (:username, :password, :email, :active');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion
));
I've read other threads and tried this
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,created,active) VALUES (:username, :password, :email, NOW(), :active');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion
));
I just added created and NOW() to the query, but it didn't insert anything.
What can be the problem?
You are missing a closing parenthesis on the SQL you are feeding to prepare():
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,created,active) VALUES (:username, :password, :email, NOW(), :active');
It should be
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,created,active) VALUES (:username, :password, :email, NOW(), :active)');
As #VincentDecaux suggests, your error checking should catch this. Use the following to enable exceptions, if that's what you prefer:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
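An added example, not code from any of the posts: it shows why the unbalanced query above surfaces as "Call to a member function execute() on bool" in silent error mode and as a PDOException at prepare() once ERRMODE_EXCEPTION is set. It runs on in-memory SQLite (an assumption, so it works offline), with CURRENT_TIMESTAMP standing in for MySQL's NOW() and constructed sample values.

```php
<?php
declare(strict_types=1);

// Added example, constructed demo on in-memory SQLite (assumes pdo_sqlite).
// CURRENT_TIMESTAMP stands in for MySQL's NOW(), which SQLite does not have.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT, email TEXT, created TEXT, active TEXT)');

// Same defect as in the question: the closing parenthesis of VALUES is missing.
$broken = 'INSERT INTO users (username, email, created, active)
           VALUES (:username, :email, CURRENT_TIMESTAMP, :active';
$fixed  = $broken . ')';
$params = [':username' => 'alice', ':email' => 'alice@example.com', ':active' => 'no'];

// 1. Silent mode: prepare() reports the failure only through its return value.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$stmt = $db->prepare($broken);
if ($stmt === false) {
    // Calling $stmt->execute() here is the "execute() on bool" fatal error.
    echo 'silent mode, prepare() returned false: ', $db->errorInfo()[2], "\n";
}

// 2. Exception mode: the same query fails loudly at prepare().
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
    $db->prepare($broken)->execute($params);
} catch (PDOException $e) {
    // Detail goes to the error log; the user-facing text stays generic.
    error_log('registration insert failed: ' . $e->getMessage());
    echo "exception mode: registration failed, details logged\n";
}

// 3. Corrected query: every placeholder has a matching key in $params.
$db->prepare($fixed)->execute($params);
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```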
Try this
$created = date("Y-m-d H:i:s"); // MySQL DATETIME format, 24-hour clock
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,created,active) VALUES (:username, :password, :email, :created, :active)');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion,
':created' => $created
));
First try to catch your error :
try {
$stmt = $pdo->prepare('INSERT INTO users (username,password,email,created,active) VALUES (:username, :password, :email, NOW(), :active');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':active' => $activasion
));
}
catch(Exception $e) {
echo 'Exception -> ';
var_dump($e->getMessage());
}
Then, you can use this way :
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':created' => date('Y-m-d H:i:s'),
':email' => $_POST['email'],
':active' => $activasion
));
I have this SQL Query
$sql = $conn->prepare('INSERT INTO Accounts (Status, Username, Password, FirstName, LastName, EmailAddress, API_Status, API_Key, About) VALUES (:Status, :Username, :Password, :FirstName, :LastName, :EmailAddress, :API_Status, API_Key, :About)');
$sql->execute(array('Status' => 'NotActive', 'Username' => $Username, 'Password' => $PasswordHash, 'FirstName' => $FirstName, 'LastName' => $LastName, 'EmailAddress' => $EmailAddress, 'API_Status' => 'OFF', 'API_Key' => $API_Key, 'About' => $Other));
When executing this query I'm using try { and
catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
Now when I run the script I get this PHP error:
Catchable fatal error: Object of class PDOStatement could not be
converted to string in /var/www/html/register.php on line 94
How can I solve this problem?
Problems with the question:
Wrong naming. SQL is a text that is passed to prepare(), while the returned value is an object. Problem not solved.
Due to the wrong naming, the OP is trying to echo an object. Problem not solved.
Thanks to the great site of Stack Overflow, the OP is taught a terribly wrong way of handling PDO errors, with useless try..catch stuff. Problem not solved.
A : is missing for one placeholder. The only problem solved.
As a result, the next time this query throws an exception, THE SAME UTTERLY USELESS and irrelevant error message will be produced.
What should be done instead?
$sql = 'INSERT INTO Accounts
(Status, Username, Password, FirstName, LastName, EmailAddress,
API_Status, API_Key, About)
VALUES (:Status, :Username, :Password, :FirstName,
:LastName, :EmailAddress, :API_Status, :API_Key, :About)';
$data = array(
'Status' => 'NotActive',
'Username' => $Username,
'Password' => $PasswordHash,
'FirstName' => $FirstName,
'LastName' => $LastName,
'EmailAddress' => $EmailAddress,
'API_Status' => 'OFF',
'API_Key' => $API_Key,
'About' => $Other
);
$conn->prepare($sql)->execute($data);
What do we have here?
Proper naming. If one has a fancy for echoing an SQL query, they will not be mistaken.
Readability. No long and windy code off the screen, allowing us to visually inspect the query and find the syntax error.
Corrected placeholder syntax.
No statement object is echoed. Neither is the SQL, as it makes very little sense in the case of a prepared statement.
No stupid try..catch block. This means PHP will be able to notify the PHP user in case an error occurs.
You can't echo your SQL the way you are doing it; you may need to use debugDumpParams(). Try something like this.
$sql = $conn->prepare('INSERT INTO Accounts (Status, Username, Password, FirstName, LastName, EmailAddress, API_Status, API_Key, About) VALUES (:Status, :Username, :Password, :FirstName, :LastName, :EmailAddress, :API_Status, :API_Key, :About)');
$sql->execute(array(':Status' => 'NotActive', ':Username' => $Username, ':Password' => $PasswordHash, ':FirstName' => $FirstName, ':LastName' => $LastName, ':EmailAddress' => $EmailAddress, ':API_Status' => 'OFF', ':API_Key' => $API_Key, ':About' => $Other));
// debugDumpParams() prints its output itself, so it is not echoed
$sql->debugDumpParams();
Hi, I am trying to execute the following prepared statement:
$sql = "INSERT INTO cc_a (entite_juridique, enseigne_commerciale, raison_sociale, adresse, adresse2, cp, ville, country, region, departement, tel , email, website , categorie, facebook, twitter, google, siren, lieu_immat, capital, description, status)
VALUES (:entite_juridique, :enseigne_commerciale, :raison_sociale,:adresse, :adresse2,:cp,:ville, :country, :region, :departement, :tel, :email, :website, :categorie, :facebook,:twitter, :google, :siren,:lieu_immat, :capital, :description, :status)";
$sth = $dbh->prepare($sql);
$sth->execute(array(':entite_juridique' => $entite_juridique, ':enseigne_commerciale' => $enseigne_commerciale,':raison_sociale' => $raison_sociale,
':adresse' => $adresse, ':adresse2' => $adresse2,':cp' => $cp,
':ville' => $ville, ':country' => $country, ':region' => $region,
':departement' => $departement, ':tel' => $tel , ':email' => $email,
':website' => $website , ':categorie'=> $categorie, ':facebook' => $facebook,
':twitter' => $twitter, ':google' => $google, ':siren' => $siren,
':lieu_immat' => $lieu_immat, ':capital' => $capital , ':description' => $description, ':status' => $status ));
but I got the following error code.
I do not see where there is an error...
Erreur : SQLSTATE[42000]: Syntax error or access violation: 1064 You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near
':entite_juridique, :enseigne_commerciale, :raison_sociale,:adresse,
:adresse2,:c' at line 2
Does someone see why?