I have a weird error, using MyPhpAdmin, I added a row, and the script it generates is:
INSERT INTO 'Users'.'User_Accounts'('Account_ID', 'UserName',
'Email', 'PhoneNumber', 'Password') VALUES (NULL, 'fdsfsadf',
'dfsadf', 'sdfads', 'fsdfasdfsd');
That works, however when I use PHP PDO to insert it gives this error:
Table 'Users.User_Acounts' doesn't exist
uhhhh yes it does...
The PHP code:
$hostname = "127.0.0.1";
$port = "3306";
$database = "Users";
$username = "AccountControl";
$password = "w67hLAanWESGNJMC";
echo ">>";
$db = new PDO("mysql:host=$hostname; port=$port; dbname=$database", $username, $password);
echo ">>";
$UserName = "KiteDev";
$Email = "johndoveail.com";
$PhoneNumber = "66666";
$Password = "dfsgetagfdasg";
// Create the query
$query = "INSERT INTO User_Acounts (UserName, Email, Phon2eNumber, Password) VALUES (:name, :email, :phone, :pass )";
// Prepare statement with $stmt variable
$stmt = $db->prepare($query);
echo ">>";
// Bind parameters, (you can also remove the PDO::PARAM_INT)
$stmt->bindParam(':name', $UserName, PDO::PARAM_STR);
$stmt->bindParam(':email', $Email, PDO::PARAM_STR);
$stmt->bindParam(':phone', $PhoneNumber, PDO::PARAM_STR);
$stmt->bindParam(':pass', $Password, PDO::PARAM_STR);
// Execute the query once you're done binding all the params
$stmt->execute() or die(print_r($stmt->errorInfo(), true));
echo ">>";
Any ideas as to what's causing this?
You've misspelled User_Accounts. The table you created is User.User_Accounts but the table that doesn't exist is User.User_Acounts.
You wrote accounts with one c
Table 'Users.User_Acounts' doesn't exist
The Table Name is User_Accounts. In your php code, it is misspelled as User_Acounts
Correct it as
$query = "INSERT INTO User_Accounts (UserName, Email, Phon2eNumber,
Password) VALUES (:name, :email, :phone, :pass )";
Related
Every time I insert something into the second column in the database (uname) it ends up being 0. I debugged it and it has the correct text in php. Even if I hard code a value like "joe" it still inserts 0 in MySQL. The column is varchar(16). I also tried type Text. Here is the code:
<?php
$con = mysqli_connect("localhost", "user", "pw", "db");
$name = $_POST["name"];
$age = $_POST["age"];
$enteredUsername = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "INSERT INTO user (name, uname, age, password) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "siss", $name, $enteredUsername, $age, $password);
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
echo json_encode($response);
?>
Change your bind parameters from int (i) to string (s):
mysqli_stmt_bind_param($statement, "ssis", $name, $enteredUsername, $age, $password);
I am trying to figure out how prepared statements work in PDO. I have the following file:
<?php
$user = "root";
$pass = "<removed for this post>";
$db = new PDO("mysql:host=localhost;dbname=pdo-demo", $user, $pass);
$stmt = $db->prepare("INSERT INTO pdo-demo (firstname, lastname, email) value (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);
$firstname = "John";
$lastname = "Doe";
$email = "johndoe#nowhere123.com";
$stmt->execute();
$db = null;?>
When I enter the page nothing happens, what am I missing? Shouldn't it insert the data?
pdo-demo that translates to pdo minus demo And your using that name for database AND table.
Turns out I needed backticks (`) for the variable names like so:
$stmt = $db->prepare("INSERT INTO `pdo-demo` (`firstname`, `lastname`, `email`) value (:firstname, :lastname, :email)");
Now it worked
I want bind input from user befor add data to database , I wrote this code but I don't know how I complete it
$con=mysqli_connect('localhost', 'root', '', 'user');
$con->set_charset("utf8");
$result = mysqli_query($con,("INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");
user input $name , $email , $user_phone_number , $password this pramter I don't want add directly to my database for that I used ????
in PDO I use bindValue but here what I should do ?
You don't use mysqli_query() with prepared statements, you use mysqli_prepare().
$stmt = mysqli_prepare($con, "INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");
mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $user_phone_number, $password);
$result = mysqli_stmt_execute($stmt);
Help! please, I'm trying to add Mysql injection to my code:
if($stmt = mysqli_prepare($dbconn,$sqlinsert="INSERT INTO `T`(`ID`,`FName`, `LName`, `Gender`, `Agreement`,`Photo`,`Photo_name`) VALUES ('$id','$fname','$lname','$Gender','$radios','$image','$image_name')"))
{
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "i", $id);
}
I'm getting this warning
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\wamp\www\Ex\insert-data.php on line 30
Call Stack
# Time Memory Function Location
1 0.0005 142320 {main}( ) ..\insert-data.php:0
2 0.1655 294232 mysqli_stmt_bind_param ( ) ..\insert-data.php:30
line 30 is :
mysqli_stmt_bind_param($stmt, "i", $id);
Is there any way to fix that?
I tried this type $mysqli->prepare, but it didn't work.
Any idea?, Thanks for any help.
Assuming you are willing to use PDO instead of mysqli.
Your database connection should look like this:
DB.php
<?php
$host = 'localhost';
$dbname = 'Example';
$username = "root";
$password = "";
$conn = new PDO('mysql:host=localhost;dbname=Example', $username,
$password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
Prepared Statements:
file.php
<?php
//Example prepared statement with INSERT
$reply = $conn->prepare("INSERT INTO reply (user_name,
receipient, comment, comment_id, user_image) VALUES
(:username,:receipient,:commentt,:commentid,:userimage)");
$reply->bindParam(":username", $user3_name, PDO::PARAM_STR);
$reply->bindParam(":receipient", $user2_name, PDO::PARAM_STR);
$reply->bindParam(":commentt", $comment2, PDO::PARAM_STR);
$reply->bindParam(":commentid", $c_id, PDO::PARAM_INT);
$reply->bindParam(":userimage", $u_image, PDO::PARAM_STR);
$reply->execute();
?>
FOR MYSQLI
db.php
<?php
$db = new mysqli("localhost","root","","dbname");
?>
file.php
<?php
$stmt = $db->prepare("INSERT INTO reply (user_name,
receipient, comment, user_image) VALUES
(?,?,?,?)");
$stmt->bind_param('ssss', $username, $receipient,$commentt,$userimage);
$stmt->execute();
?>
<?php
$fname = $_POST['first'];//should be the name attribute used in your form
$lname = $_POST['last'];
$gender = $_POST['gen'];
$agreement = $_POST['agree'];
$photo = $_POST['pic'];
$p_name = $_POST['pic_name'];
$stmt = $dbconn->prepare("INSERT INTO T(FName, LName, Gender,
Agreement,Photo,Photo_name) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssss',$fname,$lname,$gender,$agreement,$photo,$p_name);
$stmt->execute();
?>
I am sorry to bother you with such a newbie question, and thank you for taking the time to go over it and answer it.
function dbaddusr($username, $email, $password){
try{
$conn = new PDO(CONNECTDATA);
$stmt = $conn->prepare("INSERT INTO 'users' ('username', 'email', 'password') VALUES (:username, :email, :password)");
$pass = crypt($password);
$result = $stmt->execute(array("username" => $username, "email" => $email, "password" => $pass));
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
return false;
}
}
Problem is, $result is always false. (I discovered this by some simple var_dump statements inside the try block.
I am very new to this and your help on fixing it is highly appreciated.
Don't quote the column names, if you want, use the backticks `
INSERT INTO users (username, email, password) VALUES (:username, :email, :password)
Change quotes to backticks for table & column name in your query,
$stmt = $conn->prepare("INSERT INTO `users` (`username`, `email`, `password`) VALUES
(:username, :email, :password)");
You are passing $pass in your array and your function accepts $password
Check your error messages to get specific details and you will find the problem.
A non-bloated version with all useless and wrong code cleaned.
function dbaddusr($username, $email, $password){
global $conn;
$sql = "INSERT INTO users (username, email, password) VALUES (?,?,?)";
$stmt = $conn->prepare($sql);
$pass = crypt($password);
$stmt->execute(array($username, $email, $pass));
}
You have to connect ONCE per application, and then use that single connection all the way.