I have a problem trying to insert new data into the database,
I don't even get any error
$db = new MyPDO();
$datauser = array(
'account' => $acc,
'tid' => $tid,
'email' => $email,
'amount' => $amount,
'date' => 'NOW()',
'obj_id' => $object_id);
$sql = $db->query("INSERT INTO account_reg_log
(account, tid, email, amount, date, obj_id) VALUES
(:account, :tid, :email, :amount, :date, :obj_id)");
$sql->execute($datauser);
Checking the database after running the script, I see no new rows.
Any ideas how I can fix that?
You need to prepare your statement instead of running a query directly with placeholders.
Change:
$sql = $db->query("INSERT INTO account_reg_log
(account, tid, email, amount, date, obj_id) VALUES
(:account, :tid, :email, :amount, :date, :obj_id)");
To:
$sql = $db->prepare("INSERT INTO account_reg_log
(account, tid, email, amount, date, obj_id) VALUES
(:account, :tid, :email, :amount, :date, :obj_id)");
You should also add error handling in your MyPDO class so that PDO will throw exceptions and tell you exactly what goes wrong when it goes wrong.
So basically I can't seem to send the array with the input values to my database.
I tried sending it separately, it works, but it only sends the array or the other way around. There are no errors.
if (isset($_POST['submit'])) {
$services = implode ("|", $_POST['services']);
mysqli_query($mysqli, "INSERT INTO klientai (package, name, surname, email, phone, message, services) VALUES('$_POST[package]', '$_POST[name]', '$_POST[surname]', '$_POST[email]', '$_POST[phone]', '$_POST[message]', '$services'");
}
The mysql_query function is deprecated and is not secure. You should use another option.
You can use PDO for example:
https://www.php.net/manual/en/book.pdo.php
open connection
$pdo = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
insert method 1
$sql = "INSERT INTO users (name, surname, sex) VALUES (?,?,?)";
$stmt= $pdo->prepare($sql);
$stmt->execute([$name, $surname, $sex]);
insert method 2
$data = [
'name' => $name,
'surname' => $surname,
'sex' => $sex,
];
$sql = "INSERT INTO users (name, surname, sex) VALUES (:name, :surname, :sex)";
$stmt= $pdo->prepare($sql);
$stmt->execute($data);
also check https://phpdelusions.net/pdo_examples/insert and
https://www.startutorial.com/articles/view/pdo-for-beginner-part-1
In this method, you don't need to escape your strings for SQL injection and it should also solve your problem.
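The difference between interpolating values into the SQL string and binding them, as an added example that is not part of the original answers. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the table and input values are constructed.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, surname TEXT, sex TEXT)');

// Constructed input: an ordinary surname that happens to contain a quote.
$name    = 'Conor';
$surname = "O'Brien";
$sex     = 'm';

// Interpolated form: the apostrophe closes the string literal early, so the
// input alters the structure of the statement instead of being stored.
$interpolated = "INSERT INTO users (name, surname, sex) "
              . "VALUES ('$name', '$surname', '$sex')";
try {
    $pdo->exec($interpolated);
    $interpolatedResult = 'inserted';
} catch (PDOException $e) {
    // With ERRMODE_EXCEPTION the failure is reported instead of passing silently.
    $interpolatedResult = 'rejected: ' . $e->getMessage();
}

// Bound form: the SQL text is fixed and the values travel separately,
// so the apostrophe is stored as plain data.
$stmt = $pdo->prepare(
    'INSERT INTO users (name, surname, sex) VALUES (:name, :surname, :sex)'
);
$stmt->execute(['name' => $name, 'surname' => $surname, 'sex' => $sex]);

echo $interpolatedResult, PHP_EOL;
print_r($pdo->query('SELECT name, surname, sex FROM users')->fetchAll(PDO::FETCH_ASSOC));
```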
I will admit I am a newbie when it comes to PDO, but I have to change over a form that is in mysql. I am getting a connection, but nothing is inserted. I am truly stuck and feel like an idiot because I know it is something simple I am missing.
I have tried having the arrays above and after the insert. Neither works.
Any help would be appreciated
Here is my code:
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make, Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES ('', '$pin', '$year', '$make', '$model', '$mileage', '$first', '$last', '$phone', '$email', '1234' )");
$STH->bindParam(':PIN', $_POST['pin']);
$STH->bindParam(':Year', $_POST['year']);
$STH->bindParam(':Make', $_POST['make']);
$STH->bindParam(':Model', $_POST['model']);
$STH->bindParam(':Mileage', $_POST['mileage']);
$STH->bindParam(':FirstName', $_POST['first']);
$STH->bindParam(':LastName', $_POST['last']);
$STH->bindParam(':Phone', $_POST['phone']);
$STH->bindParam(':Email', $_POST['email']);
$STH->execute();
Get rid of the dollar signs and quotes in your query values:
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make,
Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES (null, :PIN, :Year, :Make, //and so on....
Also note, assuming ID is an auto incrementing field, just insert null
VALUES (null, :PIN,
Finally, if you're pulling from the post array, I'd use bindValue over bindParam
I don't get any errors, but when I refresh my database nothing seems to be going through. The connection credentials are definitely correct.
$query = $pdo->prepare('INSERT INTO direct_transfer (fname, lname, add, city, post, country, email, nummag, donate) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array(':fname'=>$fname,
':lname'=>$lname,
':add'=>$add,
':city'=>$city,
':post'=>$post,
':country'=>$country,
':email'=>$email,
':nummag'=>$nummag,
':donate'=>$donate));
When you use reserved words in mysql, you need to escape them in backticks:
... (fname, lname, `add`, city, post, country, email, nummag, donate) ...
You should also add error handling so that PDO tells you right away what is wrong.
You can tell PDO to throw exceptions by adding this after you connect to the database:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can also set the error handling mode when you open the connection, see the manual.
Without ':' in the array.
$query = $pdo->prepare('INSERT INTO `direct_transfer` (`fname`, `lname`, `add`, `city`, `post`, `country`, `email`, `nummag`, `donate`) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array('fname'=>$fname,
'lname'=>$lname,
'add'=>$add,
'city'=>$city,
'post'=>$post,
'country'=>$country,
'email'=>$email,
'nummag'=>$nummag,
'donate'=>$donate));
I've been trying out my PHP skills and it seems when I try to send out the information from my Android app to the PHP, it seems to send just the parameter names (the database shows :Lname as an example) out to the database. We are using PDO as the way to communicate with the MySQL database.
Here is the coding as follows:
$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";
//Again, we need to update our tokens with the actual data:
$query_params = array(
':Lname' => $_POST['LName'],
':Fname' => $_POST['FName'],
':Address' => $_POST['Address'],
':City' => $_POST['City'],
':State' => $_POST['State'],
':ZIP' => $_POST['ZIP'],
':Phone' => $_POST['Phone'],
':myusername' => $_POST['username'],
':mypassword' => $_POST['password']
);
//time to run our query, and create the user
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this one:
$response["success"] = 0;
$response["message"] = $ex->getMessage();
die(json_encode($response));
}
You have included literal values in your query string.
$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword )
VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";
should be
$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword )
VALUES ( :Lname, :Fname, :Address, :City, :State, :ZIP, :Phone, :myusername, :mypassword)";
You need to remove the quotes from your SQL values, as it's being interpreted as literal strings. If you remove them, you should be all good :)
$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";
I am having a strange issue that I am just not finding a solution to. The problem is that the prepared sql statement is not binding in values, parameters or even passing them through the execute function. Instead, it inserts the ':blah' placeholder. As I said, I have tried bindParam, bindValue and this method all without result. However, I will try them all again now.
I outputted the parameters being sent right before the execute call.
Array ( [:username] => schenn [:salt] => NW5552wekj5155cNr52O54q56 [:hashpass] => 5e54240aec6294873d11d6ac3e5b135136a1b671 [:email] => monkey#monkey.com [:state] => OR [:country] => USA [:last_login] => 12/08/2011 )
Below is the code:
$query = "INSERT INTO player_acct (username, salt, hashpass, email, state, country, last_login)
VALUES (':username', ':salt', ':hashpass', ':email', ':state', ':country', ':last_login')";
$stmt = $pdoI->prepare($query);
$params = array(":username" => $this->username, ":salt" => $this->salt, ":hashpass" => $this->hashpass,
":email" => $this->email, ":state" => $this->state, ":country" => $this->country, ":last_login" => $this->last_login );
$stmt->execute($params);
You shouldn't be quoting the placeholders in the SQL. Try the following as your SQL string:
$query = "INSERT INTO player_acct (username, salt, hashpass, email, state, country,
last_login) VALUES (:username, :salt, :hashpass, :email, :state, :country, :last_login)";
You don't quote the bound values in the SQL statement when binding variables.
$query = "INSERT INTO player_acct (username, salt, hashpass, email, state, country, last_login) VALUES (:username, :salt, :hashpass, :email, :state, :country, :last_login)";
Also make sure $this->email, etc... is set correctly.
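The quoted-placeholder mistake from the Customer and player_acct questions above, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension, uses in-memory SQLite in place of MySQL, and introduces a hypothetical helper `quotedPlaceholders()` for spotting the pattern in review; the table is reduced to two columns and the values are constructed.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE player_acct (username TEXT, email TEXT)');

// Hypothetical helper: list named placeholders that sit inside single quotes.
function quotedPlaceholders(string $sql): array
{
    preg_match_all("/'(:[A-Za-z_][A-Za-z0-9_]*)'/", $sql, $m);
    return $m[1];
}

$quoted = "INSERT INTO player_acct (username, email) VALUES (':username', ':email')";
$fixed  = "INSERT INTO player_acct (username, email) VALUES (:username, :email)";
$params = [':username' => 'schenn', ':email' => 'schenn@example.test'];

// Quoted form with no parameters: it is valid SQL with two string literals,
// so the row stored contains the text ':username' and ':email'.
$pdo->prepare($quoted)->execute();

// Quoted form with parameters: the statement has no placeholders to bind to.
// The outcome depends on the driver and PHP version, so capture either case.
try {
    $pdo->prepare($quoted)->execute($params);
    $withParams = 'executed without error';
} catch (PDOException $e) {
    $withParams = 'exception: ' . $e->getMessage();
}

// Unquoted form: the placeholders are real and the values are bound.
$pdo->prepare($fixed)->execute($params);

print_r(quotedPlaceholders($quoted)); // placeholders found inside quotes
print_r(quotedPlaceholders($fixed));  // none in the corrected statement
echo $withParams, PHP_EOL;
print_r($pdo->query('SELECT username, email FROM player_acct')->fetchAll(PDO::FETCH_ASSOC));
```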