I am having a slight issue adding a record into the database.
For some reason it is not adding the record into the database.
I have a form in HTML and serialize it with jQuery to use in an AJAX request. I know this works as I used to use it with the old mysql commands.
This is what I have in the insert.php file:
$ln=($_POST['lastname']);
$fn=($_POST['firstname']);
$dob=($_POST['dob']);
$un=($_POST['username']);
$a1=($_POST['address1']);
$a2=($_POST['address2']);
$town=($_POST['town']);
$county=($_POST['county']);
$pc=($_POST['postcode']);
$country=($_POST['country']);
$lat=($_POST['lat']);
$lng=($_POST['lng']);
$lp=($_POST['landline']);
$mp=($_POST['mobile']);
$e1=($_POST['email1']);
$e2=($_POST['email2']);
$web=($_POST['web']);
$notes=($_POST['notes']);
$fb=($_POST['fbid']);
$tw=($_POST['twitter']);
$cat=($_POST['cat']);
$it=($_POST['Time']);
$idate=($_POST['Date']);
$iip=($_POST['ipaddress']);
$ib=($_POST['browser']);
$ios=($_POST['os']);
These are the posted values being used from the form.
I then have the following queries (I have 5 different ones as they are writing to 5 tables. As I say, this worked with the old mysql commands, but not the PDO commands.
$sqlp = $conn->prepare("INSERT INTO ".PERSON." (lastname, firstname, dob, adbkid) VALUES(:ln, :fn, :dob, :un)");
$sqlp->execute();
$idp = $conn->lastInsertId();
$sqla = $conn->prepare("INSERT INTO ".ADDRESS." (address1, address2, town, county, postcode, country, lat, lng, personID) VALUES (:a1, :a2, :town, :county, :pc, :country, :lat, :lng, :un)");
$sqla->execute();
$ida = $conn->lastInsertId();
$sqlc = $conn->prepare("INSERT INTO ".CONTACT." (landline, mobile, email1, email2, personID) VALUES (:lp, :mp, :e1, :e2, :un)");
$sqlc->execute();
$idc = $conn->lastInsertId();
$sqlm = $conn->prepare("INSERT INTO ".MISC." (web, notes, photo, fbid, twitter, cat, personID) VALUES (:web, :notes, :pic, :fb, :tw, :cat, :un)");
$sqlm->execute();
$idm = $conn->lastInsertId();
$sqlv = $conn->prepare("INSERT INTO ".VARI." (Time, Date, ipaddress, browser, os, personID) VALUES (:it, :idate, :ip, :ib, :ios, :un)");
$sqlv->execute();
$idv = $conn->lastInsertId();
$sqlp->bindValue(':ln', $ln);
$sqlp->bindValue(':fn', $fn);
$sqlp->bindValue(':dob', $dob);
$sqlp->bindValue(':un', $un);
$sqla->bindValue(':a1', $a1);
$sqla->bindValue(':a2', $a2);
$sqla->bindValue(':town', $town);
$sqla->bindValue(':county', $county);
$sqla->bindValue(':pc', $pc);
$sqla->bindValue(':country', $country);
$sqla->bindValue(':lat', $lat);
$sqla->bindValue(':lng', $lng);
$sqlc->bindValue(':lp', $lp);
$sqlc->bindValue(':mp', $mp);
$sqlc->bindValue(':e1', $e1);
$sqlc->bindValue(':e2', $e2);
$sqlm ->bindValue(':web', $web);
$sqlm ->bindValue(':notes', $notes);
$sqlm ->bindValue(':pic', $pic);
$sqlm ->bindValue(':fb', $fb);
$sqlm ->bindValue(':tw', $tw);
$sqlm ->bindValue(':cat', $cat);
$sqlv ->bindValue(':it', $it);
$sqlv ->bindValue(':idate', $idate);
$sqlv ->bindValue(':iip', $iip);
$sqlv ->bindValue(':ib', $ib);
$sqlv ->bindValue(':ios', $ios);
I have ran these with a try catch to see if I can figure out what is going on and I get the following error:
"SQLSTATE[HY093]: Invalid parameter number: no parameters were bound"
I have echoed out what is being put into each of the values and it corresponds with what I have in entered into the form.
I am also trying to echo out the last inserted ID's for each table and it isn't echoing that out.
I have had a look around Google and php.net and here and from what I read I am doing everything as they say I should be.
I am at a loss as to what is happening.
If you had any pointers they would be most welcome.
you have to bind the params first and then execute it
i.e:
$sqlp = $conn->prepare("INSERT INTO ".PERSON." (lastname, firstname, dob, adbkid) VALUES(:ln, :fn, :dob, :un)");
$sqlp->bindValue(':ln', $ln);
$sqlp->bindValue(':fn', $fn);
$sqlp->bindValue(':dob', $dob);
$sqlp->bindValue(':un', $un);
$sqlp->execute();
$idp = $conn->lastInsertId();
...
Related
I'm getting the following error
Link to DBconfig.php ->
Link to code ->
Can you guys please help me ;)
thank you!
My code ->
<?php
include '../header.php';
include '../dbconfig.php';
if(isset($_POST['registreer'])){
$naam = $_POST['naam'];
$email = $_POST['email'];
$wachtwoord = $_POST['wachtwoord'];
$insert = $db->prepare("INSERT INTO klant(naam, adres, postcode, email, password)
values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
$insert->bindParam(':naam',$naam);
$insert->bindParam(':adres',$adres);
$insert->bindParam(':postcode',$postcode);
$insert->bindParam(':woonplaats',$woonplaats);
$insert->bindParam(':email',$email);
$insert->bindParam(':wachtwoord',$wachtwoord);
$insert->execute();
}
?>
values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
You have parameters :name and :pass but in your bindings you have spelled them in Dutch:
$insert->bindParam(':naam',$naam);
$insert->bindParam(':wachtwoord',$wachtwoord);
PDO doesn't know how to translate parameter names between English and Dutch. :-)
You are sending to many parameters.
$insert = $db->prepare("INSERT INTO klant(naam, adres, postcode, email, password) values(:name, :adres, :postcode, :woonplaats, :email, :pass) ");
You have the insert into " naam, adres, postcode, email and password" (that's 5)
And you are trying to insert 6 values.
"Name, adres, postcode, woonplaats, email and pass.
Sorry for the poor formating, I am on mobile.
According to everything I've found and seen, this seems correct. When I print $query the outcome is the following:
"INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)"
The parameters should have been filled in with the variables in bindValues(). So, for example ...
INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (Bill, A, Hopkins, 123 Ave, ....)
I'd like to stick with this method - it is surrounded by a try/catch block. From printing the query variable out I can see that is where the issue is.
What am I missing? I really appreciate you looking!
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)';
echo $query;
$statement = $db->prepare($query);
$statement->bindValue(1, $firstName);
$statement->bindValue(2, $middle);
$statement->bindValue(3, $lastName);
$statement->bindValue(4, $address);
$statement->bindValue(5, $city);
$statement->bindValue(6, $state);
$statement->bindValue(7, $zip);
$statement->bindValue(8, $email);
$statement->bindValue(9, $gender);
$success = ($statement->execute());
We need more code considering the error but you can try this with prepared statements:
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (:firstName, :middle, :lastName, :address, :city, :state, :zip, :email, :gender)';
$statement = $db->prepare($sql);
$statement->execute(array(':firstName'=>$firstName, ':middle'=>$middle, ':lastName'=>$lastName, ':address'=>$address, ':city'=>$city, ':state'=>$state, ':zip'=>$zip, ':email'=>$email, ':gender'=>$gender));
I will admit I am a newbie when it comes to PDO, but I have to change over a form that is in mysql.. I am getting connection, but nothing inserted.. I am truly stuck and feel like an idiot because I know it is something simple I am missing
I have tried having the arrays above and after the insert.. Neither work
Any help would be appreciated
Here is my code:
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make, Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES ('', '$pin', '$year', '$make', '$model', '$mileage', '$first', '$last', '$phone', '$email', '1234' )");
$STH->bindParam(':PIN', $_POST['pin']);
$STH->bindParam(':Year', $_POST['year']);
$STH->bindParam(':Make', $_POST['make']);
$STH->bindParam(':Model', $_POST['model']);
$STH->bindParam(':Mileage', $_POST['mileage']);
$STH->bindParam(':FirstName', $_POST['first']);
$STH->bindParam(':LastName', $_POST['last']);
$STH->bindParam(':Phone', $_POST['phone']);
$STH->bindParam(':Email', $_POST['email']);
$STH->execute();
Get rid of the dollar signs and quotes in your query values:
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make,
Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES (null, :PIN, :Year, :Make, //and so on....
Also note, assuming ID is an auto incrementing field, just insert null
VALUES (null, :PIN,
Finally, if you're pulling from the post array, I'd use bindValue over bindParam
I dont get any errors, but when I refresh my database nothing seems to be going through. The connection credentials are definitely correct.
$query = $pdo->prepare('INSERT INTO direct_transfer (fname, lname, add, city, post, country, email, nummag, donate) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array(':fname'=>$fname,
':lname'=>$lname,
':add'=>$add,
':city'=>$city,
':post'=>$post,
':country'=>$country,
':email'=>$email,
':nummag'=>$nummag,
':donate'=>$donate));
When you use reserved words in mysql, you need to escape them in backticks:
... (fname, lname, `add`, city, post, country, email, nummag, donate) ...
You should also add error handling so that PDO tells you right away what is wrong.
You can tell PDO to throw exceptions by adding this after you connect to the database:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can also set the error handling mode when you open the connection, see the manual.
Without ':' in the array.
$query = $pdo->prepare('INSERT INTO `direct_transfer` (`fname`, `lname`, `add`, `city`, `post`, `country`, `email`, `nummag`, `donate`) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array('fname'=>$fname,
'lname'=>$lname,
'add'=>$add,
'city'=>$city,
'post'=>$post,
'country'=>$country,
'email'=>$email,
'nummag'=>$nummag,
'donate'=>$donate));
I am having problems getting an sql query correct to update user profiles. I use (basically) the same query to INSERT the data and it works fine (just without the WHERE id=clientid and without clientid in the execute array. The query below does not update any data in the database.
I tested and made sure that all the variables are being posted and they are. As a sidenote, is this query safe from sql injection?
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Deal with the POST variables here...(excluded)
$sql = "UPDATE clients (firstname, lastname, origincountry, dob, gender, email, phone, address, postal, city, province, referred, notes)
VALUES (:firstname, :lastname, :origincountry, :dob, :gender, :email, :phone, :address, :postal, :city, :province, :referred, :notes)
WHERE id = :clientid" ;
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,
':lastname'=>$lastname,
':origincountry'=>$origincountry,
':dob'=>$dob,
':gender'=>$gender,
':email'=>$email,
':phone'=>$phone,
':address'=>$address,
':postal'=>$postal,
':city'=>$city,
':province'=>$province,
':referred'=>$referred,
':notes'=>$notes,
':clientid'=>$clientid));
Your SQL is invalid. See UPDATE. (thanks to #rambocoder for pointing that out).
Use this SQL:
UPDATE clients SET firstname = :firstname, lastname = :lastname, origincountry = :origincountry, dob = :dob, gender = :gender, email = :email, phone = :phone, address = :address, postal = :postal, city = :city, province = :province, referred = :referred, notes = :notes
WHERE id = :clientid