Hi, I am getting an error during the execution of a PDO prepared statement. My local development works fine, but when I try to insert into ClearDB in the cloud this error occurs:
SQLSTATE[42000]: Syntax error or access violation: 1142 INSERT command denied to user 'b2218f51d4a66e'#'191.235.136.58' for table 'user'' in /var/www/php1/CRUD.php:52
function create_User($firstname, $lastname, $username, $password, $address, $city, $zip, $country, $email) {
global $dbh;
$this->password = $password;
$token = md5($this->salt1 . $this->password . $this->salt2);
$this->sth = $dbh->prepare('INSERT INTO `Php_Project`.`User`
(
userName,
passWord,
create_DateStamp,
e_mail)
VALUES
(
:username,
:token,
NOW(),
:email
);
');
$this->sth->bindParam(':username', $username, PDO::PARAM_STR);
$this->sth->bindParam(':token', $token, PDO::PARAM_STR);
$this->sth->bindParam(':email', $email, PDO::PARAM_STR);
if ($this->sth->execute()) {
$this->message = "true";
} else {
$this->message = "false";
}
if ($this->message == "true") {
$userId = $dbh->lastInsertId();
$this->sth = $dbh->prepare('INSERT INTO `Php_Project`.`user_Detail`
(
firstName,
lastname,
adress,
zip,
city,
country,
userId)
VALUES
(
:firstname,
:lastname,
:address,
:zip,
:city,
:country,
:userId
);');
$this->sth->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$this->sth->bindParam(':lastname', $lastname, PDO::PARAM_STR);
$this->sth->bindParam(':address', $address, PDO::PARAM_STR);
$this->sth->bindParam(':zip', $zip, PDO::PARAM_INT);
$this->sth->bindParam(':city', $city, PDO::PARAM_STR);
$this->sth->bindParam(':country', $country, PDO::PARAM_STR);
$this->sth->bindParam(':userId', $userId, PDO::PARAM_STR);
if ($this->sth->execute()) {
$this->message = true;
} else {
$this->message = false;
}
}
}
This is a permissions problem. Your database user has the INSERT permission for the table on your development server but not on your production server, so you'll need to change the user permissions using GRANT on your production server.
So I'm building a website where you can buy tickets etc. I want to have a login system, so I started building the website and started with the PHP code to sign in, but I always get the error Array?? It does work when I only want to insert a variable email and the rest plain text.
I've spent a whole week trying different methods etc. But I don't get why it doesn't work.
I even get the same error when I use constants instead of POST variables...
CREATE TABLE Users(
userId SERIAL,
email VARCHAR(40) NOT NULL,
password VARCHAR(30) NOT NULL,
firstName VARCHAR(20) NOT NULL,
lastName VARCHAR(20) NOT NULL,
age INT NOT NULL,
organizer BOOLEAN NOT NULL,
region VARCHAR(30),
favouriteGenre VARCHAR(15),
description VARCHAR(200),
PRIMARY KEY(userId)
);
<?php
require 'globals.php';
try {
$db_conn = new PDO("pgsql:host=$db_host;dbname=$db_name", $db_user, $db_password);
} catch (PDOException $e) {
die("Error: ".$e->getMessage()."\n");
}
$email = $_POST['email'];
$password = $_POST['password'];
$pwdConfirm = $_POST['confirm'];
$firsName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$age = $_POST['age'];
$rol = $_POST['rol'];
$region = $_POST['region'];
$favGenre = $_POST['favGenre'];
$description = $_POST['description'];
//TODO inputChecks
$query = $db_conn->prepare('INSERT INTO users (email, password, firstName, lastName, age, organizer)
VALUES (:email, :password, :firstName, :lastName, :age, :organizer)');
$query->bindParam(':email', $email, PDO::PARAM_STR, 40);
$query->bindParam(':password', $password, PDO::PARAM_STR, 30);
$query->bindParam(':firstName', $firstName, PDO::PARAM_STR, 20);
$query->bindParam(':lastName', $lastName, PDO::PARAM_STR, 20);
$query->bindParam(':age', $age, PDO::PARAM_INT);
$query->bindParam(':organizer', $firstName, PDO::PARAM_BOOL);
if ($query->execute()) {
echo "success!";
} else {
die("Execute query error: ".$db_conn->errorInfo());
}
$db_conn = NULL;
I expect it to insert it into the database and not give an error anymore.
Try this
$query = $db_conn->prepare('INSERT INTO users (email, password, firstName, lastName, age, organizer,region, favouriteGenre, description)
VALUES (:email, :password, :firstName, :lastName, :age, :organizer, :region, :favouriteGenre, :description)');
$query->bindParam(':email', $email, PDO::PARAM_STR, 40);
$query->bindParam(':password', $pwd, PDO::PARAM_STR, 30);
$query->bindParam(':firstName', $firstName, PDO::PARAM_STR, 20);
$query->bindParam(':lastName', $lastName, PDO::PARAM_STR, 20);
$query->bindParam(':age', $age, PDO::PARAM_INT);
$query->bindParam(':organizer', $firstName, PDO::PARAM_BOOL);
$query->bindParam(':region', $region, PDO::PARAM_STR);
$query->bindParam(':favouriteGenre', $favGenre, PDO::PARAM_STR);
$query->bindParam(':description', $description, PDO::PARAM_STR);
One of the possible causes of the error you are getting is that you are trying to insert 6 values into a table with 9 fields. Another possible cause of the bug is that you have defined the variable for password as $pwd but use $password variable when binding parameters.
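An added example, not part of the original posts: `errorInfo()` returns an array, so concatenating it into a string prints `Array` instead of the driver's message. The sketch assumes an in-memory SQLite database in place of the PostgreSQL server, a reduced constructed `users` table, a guessed `rol` form value, and hypothetical `insertUser()` and `register()` helpers.

```php
<?php
// Added example. SQLite in-memory stands in for PostgreSQL; schema and values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // execute() returns false on failure
$db->exec('CREATE TABLE users (
    userId    INTEGER PRIMARY KEY,
    email     TEXT    NOT NULL,
    firstName TEXT    NOT NULL,
    organizer INTEGER NOT NULL)');

// Returns null on success, or a one-line description of the failure.
function insertUser(PDO $db, ?string $email, ?string $firstName, bool $organizer): ?string
{
    $stmt = $db->prepare('INSERT INTO users (email, firstName, organizer)
                          VALUES (:email, :firstName, :organizer)');
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':firstName', $firstName);   // a PHP null is sent as SQL NULL
    $stmt->bindValue(':organizer', $organizer, PDO::PARAM_BOOL);
    if ($stmt->execute()) {
        return null;
    }
    // errorInfo() is [SQLSTATE, driver code, driver message]; concatenating the
    // array itself is what prints "Array". Read it from the statement: the
    // connection's errorInfo() does not reflect statement-level failures.
    [$sqlstate, $code, $message] = $stmt->errorInfo();
    return "SQLSTATE[$sqlstate] ($code) $message";
}

// Hypothetical handler: full detail goes to the server log, the client gets a generic line.
function register(PDO $db, array $post): string
{
    $error = insertUser(
        $db,
        $post['email'] ?? null,
        $post['firstName'] ?? null,
        ($post['rol'] ?? '') === 'organizer'   // assumed form value; the page does not show it
    );
    if ($error !== null) {
        error_log("user insert failed: $error");
        return 'Registration failed.';
    }
    return 'success!';
}

// Constructed input: firstName is missing, so the NOT NULL constraint rejects the row.
echo register($db, ['email' => 'a@example.test', 'rol' => 'organizer']), "\n";
echo register($db, ['email' => 'b@example.test', 'firstName' => 'Ada', 'rol' => 'visitor']), "\n";
```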
I developed a simple PHP page to register users and check if the user exists or not, but it is not working and displays the following error:
Fatal error: Call to a member function execute() on boolean in /Applications/XAMPP/xamppfiles/htdocs/one/include/DbOperation.php on line 31
The PHP code is here; please help us with this issue.
<?php
class DbOperation
{
private $conn;
//Constructor
function __construct()
{
require_once('Constants.php');
require_once('DbConnect.php');
// opening db connection
$db = new DbConnect();
$this->conn = $db->connect();
}
//Function to create a new user
public function createUser($username, $pass, $email, $name, $phone)
{
if (!$this->isUserExist($username, $email, $phone)) {
$password = md5($pass);
$stmt = $this->conn->prepare("INSERT INTO users (username, password, email, name, phone) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("sssss", $username, $password, $email, $name, $phone);
if ($stmt->execute()) {
return USER_CREATED;
} else {
return USER_NOT_CREATED;
}
} else {
return USER_ALREADY_EXIST;
}
}
private function isUserExist($username, $email, $phone)
{
$stmt = $this->conn->prepare("SELECT id FROM users WHERE username = ? OR email = ? OR phone = ?");
//if($query = $this->db->conn->prepare($sql)){
$stmt->bind_param(array("sss", $username, $email, $phone));
$stmt->execute();
$stmt->store_result();
$stmt->fetch();
$stmt->close();
return $stmt->num_rows > 0;
}
}
?>
In your isUserExist() function it looks like your bind_param has an array which shouldn't be there:
$stmt->bind_param(array("sss", $username, $email, $phone));
should be:
$stmt->bind_param("sss", $username, $email, $phone);
This is most likely why mysqli->bind_param is returning FALSE
Change your isUserExist as below:
private function isUserExist($username, $email, $phone)
{
$stmt = $this->conn->prepare("SELECT id FROM users WHERE username = ? OR email = ? OR phone = ?");
//if($query = $this->db->conn->prepare($sql)){
$stmt->bind_param("sss", $username, $email, $phone); // change here remove array
$stmt->execute();
$stmt->store_result();
$stmt->fetch();
//$stmt->close(); // change this comment or remove this
return $stmt->num_rows > 0;
}
use this in isUserExist() function
$stmt->bind_param("sss", $username, $email, $phone);
When I run this code, I get the following error:
Fatal error call to a member function bind_param() on a non-object.
Here is the code for the function:
public function storeUser($name, $email, $password, $phone, $address1, $address2) {
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$stmt = $this->conn->prepare("INSERT INTO `users`(`id`, `unique_id`, `name`, `email`, `phone`, `address1`, `address2`, `encrypted_password`, `salt`, `created_at`) VALUES (?,?,?,?,?,?,?,?,NOW())");
$stmt->bind_param("ssssssss", $uuid, $name, $email, $phone, $address1, $address2, $encrypted_password, $salt);
$result = $stmt->execute();
$stmt->close();
// check for successful store
if ($result) {
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$user = $stmt->get_result()->fetch_assoc();
$stmt->close();
return $user;
} else {
return false;
}
}
Here is a PDO example, since the connection method was not specified:
public function connection ($username, $password, $servername, $databasename)
{
$this->conn = new PDO("mysql:host=$servername;dbname=$databasename", $username, $password);
return true;
}
public function storeUser($name, $email, $password, $phone, $address1, $address2)
{
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
// `id` is left out of the column list so the 9 columns match the 8 placeholders plus NOW()
$stmt = $this->conn->prepare("INSERT INTO `users`(`unique_id`, `name`, `email`, `phone`, `address1`, `address2`, `encrypted_password`, `salt`, `created_at`) VALUES (?,?,?,?,?,?,?,?,NOW())");
$stmt->bindValue(1, $uuid, PDO::PARAM_STR);
$stmt->bindValue(2, $name, PDO::PARAM_STR);
$stmt->bindValue(3, $email, PDO::PARAM_STR);
$stmt->bindValue(4, $phone, PDO::PARAM_STR);
$stmt->bindValue(5, $address1, PDO::PARAM_STR);
$stmt->bindValue(6, $address2, PDO::PARAM_STR);
$stmt->bindValue(7, $encrypted_password, PDO::PARAM_STR);
$stmt->bindValue(8, $salt, PDO::PARAM_STR);
$result = $stmt->execute();
if ($result)
{
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
// PDO statements use bindValue(); bind_param() is the mysqli method
$stmt->bindValue(1, $email, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
return $user;
}
else
{
return false;
}
}
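Both `Call to a member function execute() on boolean` and `bind_param() on a non-object` mean that `prepare()` returned `false` and the result was used unchecked. This added example (not the posters' code) reproduces that with a column/value count mismatch; it assumes in-memory SQLite in place of MySQL, a reduced constructed table, and `password_hash()` in place of the `hashSSHA()` helper, which the page does not show.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL; the table is constructed.
function openDb(int $errmode): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, unique_id TEXT, name TEXT,
               email TEXT UNIQUE, password_hash TEXT, created_at TEXT)');
    return $db;
}

// Same shape as the failing statement: `id` is listed, so 6 columns face 5 values.
$mismatched = "INSERT INTO users (id, unique_id, name, email, password_hash, created_at)
               VALUES (?, ?, ?, ?, datetime('now'))";

// Silent mode: prepare() hands back false; calling a method on it is the fatal error.
$silent = openDb(PDO::ERRMODE_SILENT);
$stmt = $silent->prepare($mismatched);
if ($stmt === false) {
    echo 'prepare() failed: ', $silent->errorInfo()[2], "\n";
}

// Exception mode: the driver's message arrives at the point of failure.
$db = openDb(PDO::ERRMODE_EXCEPTION);
try {
    $db->prepare($mismatched);
} catch (PDOException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}

function storeUser(PDO $db, string $name, string $email, string $password): array
{
    // `id` is left to the database: 5 columns, 5 values.
    $stmt = $db->prepare("INSERT INTO users (unique_id, name, email, password_hash, created_at)
                          VALUES (?, ?, ?, ?, datetime('now'))");
    // password_hash() embeds its own salt, so no separate salt column is needed.
    $stmt->execute([uniqid('', true), $name, $email,
                    password_hash($password, PASSWORD_DEFAULT)]);
    $stmt = $db->prepare('SELECT id, unique_id, name, email FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed user data.
print_r(storeUser($db, 'Constructed User', 'user@example.test', 'constructed-password'));
```

With mysqli, the message for a failed `prepare()` is in the connection's `error` property, and `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` makes it throw instead. With PDO MySQL and emulated prepares (the default), the same mistake surfaces at `execute()` rather than at `prepare()`.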
I am trying to execute a prepared statement using a PDO via PHP on a MySQL database.
I have tried two versions of the code; both have not worked. The function update will execute but nothing will get updated in the database. My view customerData functions using fetch() and fetchAll() both work, as does my deleteData function.
My current database structure is:
customerID int(11)
firstName varchar(50)
lastName varchar(50)
address varchar(50)
city varchar(50)
state varchar(50)
postalCode varchar(20)
countryCode char(2)
phone varchar(20)
email varchar(50)
password varchar(20)
The current version of code I am using:
function update_customer($customerID, $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password)
{
global $db;
$query = "UPDATE customers
SET
firstName = :first,
lastName = :last,
address = :add,
city = :c,
state = :s,
postalCode = :postal,
countryCode = :country,
phone = :p,
email = :e,
password = :password
WHERE customerID = :ID";
$statement = $db->prepare($query);
$statement->bindValue(':first',$firstName);
$statement->bindValue(':last', $lastName);
$statement->bindValue(':add', $address);
$statement->bindValue(':c' ,$city);
$statement->bindValue(':s',$state);
$statement->bindValue(':postal', $postalCode);
$statement->bindValue(':country',$countryCode);
$statement->bindValue(':p', $phone);
$statement->bindValue(':e', $email);
$statement->bindValue(':pass', $password);
$statement->bindValue(':ID', $customerID);
$statement->execute();
$statement->closeCursor();
}
The other version of code I have used:
function update_customer($customerID, $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password)
{
global $db;
$query = "UPDATE customers
SET
firstName = ?,
lastName = ?
address = ?,
city = ?,
state = ?,
postalCode = ?,
countryCode = ?,
phone = ?,
email = ?,
password = ?
WHERE customerID = ?";
$statement = $db->prepare($query);
$statement->bindParam('ssssssssssi', $firstName, $lastName, $address, $city, $state, $postalCode, $countryCode, $phone, $email, $password, $customerID);
$statement->execute();
$statement->closeCursor();
}
My other 3 prepared statements work perfectly, for example here is the prepared statement that populates the update customer form.
function view_customerData ($customerID) {
global $db;
$query = "SELECT * FROM customers
WHERE customerID = $customerID";
try {
$statement = $db->prepare($query);
$statement->execute();
$customerData = $statement->fetch();
return $customerData;
} catch (PDOException $e) {
$error_message = $e->getMessage();
echo "<p>Database error: $error_message </p>";
exit();
}
}
Try putting the whole update customer code in a try block, with a catch block in case any error occurs. But first of all, fix this line
$statement->bindValue(':pass', $password);
to
$statement->bindValue(':password', $password);
^^^^
try {
//.....put your update customer code here ...
} catch (PDOException $e) {
$error_message = $e->getMessage();
echo "<p>Database error: $error_message </p>";
exit();
}
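The mismatch fixed above (`:pass` bound, `:password` in the query) can be caught before the statement runs, and the `SELECT` that interpolates `$customerID` can bind it instead. This is an added example, not the posters' code; it assumes in-memory SQLite in place of MySQL, a reduced constructed `customers` table, and a hypothetical `placeholderMismatch()` helper.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL; table and row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw, not return false
$db->exec('CREATE TABLE customers (customerID INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->exec("INSERT INTO customers VALUES (1, 'old@example.test', 'constructed-hash')");

// Hypothetical helper: placeholders in $sql without a value, and values without a placeholder.
// Simplification: a colon inside a quoted SQL literal would be misread as a placeholder.
function placeholderMismatch(string $sql, array $params): array
{
    preg_match_all('/(?<!:):([A-Za-z_]\w*)/', $sql, $m);
    $inSql = array_unique($m[1]);
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'unbound' => array_values(array_diff($inSql, $bound)),
        'unused'  => array_values(array_diff($bound, $inSql)),
    ];
}

function updateCustomer(PDO $db, int $id, string $email, string $passwordHash): int
{
    $sql = 'UPDATE customers SET email = :e, password = :password WHERE customerID = :ID';
    $params = [':e' => $email, ':password' => $passwordHash, ':ID' => $id];
    $diff = placeholderMismatch($sql, $params);
    if ($diff['unbound'] || $diff['unused']) {
        throw new InvalidArgumentException('Placeholder mismatch: ' . json_encode($diff));
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount(); // 0 affected rows is worth reporting rather than ignoring
}

function viewCustomer(PDO $db, int $id)
{
    // The id is bound, not interpolated, so its value cannot change the statement's structure.
    $stmt = $db->prepare('SELECT customerID, email FROM customers WHERE customerID = :ID');
    $stmt->execute([':ID' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The question's binding names against a shortened form of its query:
// ':password' comes back as unbound and ':pass' as unused.
print_r(placeholderMismatch('SET password = :password WHERE customerID = :ID',
                            [':pass' => 'x', ':ID' => 1]));
echo updateCustomer($db, 1, 'new@example.test', 'constructed-hash'), "\n";
print_r(viewCustomer($db, 1));
```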
I have created a register form page using PHP.
This is code_exec.php:
<?php
include 'config.php';
error_reporting(E_ERROR);
session_start();
$form = $_POST;
$fname=$form['fname'];
$lname=$form['lname'];
$email=$form['email'];
$pass=$form['pass'];
$phone=$form['phone'];
$sex_select=$form['sex_select'];
$month=$form['month'];
$day=$form['day'];
$year=$form['year'];
$result = "INSERT INTO crop ( fname, lname, email, pass, phone,`sex_select`, month,day,year) VALUES
( :fname, :lname, :email, :pass, :phone, :sex_select, :month, :day, :year)";
if (!$result) {
die(msg(0,"wrong query"));
}
?>
config.php:
<?php
$user = 'root';
$pass = '';
$db = new PDO( 'mysql:host=localhost;dbname=crop', $user, $pass );
?>
Now it doesn't show any error, but it doesn't store the user data.
May I know what my mistake is with my code?
Thanks in advance.
Remove the field "year" from your table and rename it to something else, as MySQL treats the year like a keyword, so it will not allow you to insert data into the table.
The same problem was raised for me a few days back. I have tested in phpMyAdmin. I found this solution.
And also you need to execute the query like this:
mysql_query($result);
then check if it is not executed.
You need to try like this:
include 'config.php';
error_reporting(E_ERROR);
session_start();
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$pass=$_POST['pass'];
$phone=$_POST['phone'];
$sex_select=$_POST['sex_select'];
$month=$_POST['month'];
$day=$_POST['day'];
$year=$_POST['year'];
$result = $db->prepare("INSERT INTO crop (`fname`, `lname`, `email`, `pass`, `phone`,`sex_select`, `month`,`day`,`year`) VALUES ( :fname, :lname, :email, :pass, :phone, :sex_select, :month, :day, :year)");
$result->bindValue(':fname', $fname, PDO::PARAM_STR);
$result->bindValue(':lname', $lname, PDO::PARAM_STR);
$result->bindValue(':email', $email, PDO::PARAM_STR);
$result->bindValue(':pass', $pass, PDO::PARAM_STR);
$result->bindValue(':phone', $phone, PDO::PARAM_STR);
$result->bindValue(':sex_select', $sex_select, PDO::PARAM_STR);
$result->bindValue(':month', $month, PDO::PARAM_STR);
$result->bindValue(':day', $day, PDO::PARAM_STR);
$result->bindValue(':year', $year, PDO::PARAM_STR);
$result->execute();