I dont get any errors, but when I refresh my database nothing seems to be going through. The connection credentials are definitely correct.
$query = $pdo->prepare('INSERT INTO direct_transfer (fname, lname, add, city, post, country, email, nummag, donate) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array(':fname'=>$fname,
':lname'=>$lname,
':add'=>$add,
':city'=>$city,
':post'=>$post,
':country'=>$country,
':email'=>$email,
':nummag'=>$nummag,
':donate'=>$donate));
When you use reserved words in mysql, you need to escape them in backticks:
... (fname, lname, `add`, city, post, country, email, nummag, donate) ...
You should also add error handling so that PDO tells you right away what is wrong.
You can tell PDO to throw exceptions by adding this after you connect to the database:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
You can also set the error handling mode when you open the connection, see the manual.
Without ':' in the array.
$query = $pdo->prepare('INSERT INTO `direct_transfer` (`fname`, `lname`, `add`, `city`, `post`, `country`, `email`, `nummag`, `donate`) VALUES (:fname, :lname, :add, :city, :post, :country, :email, :nummag, :donate)');
$query->execute(array('fname'=>$fname,
'lname'=>$lname,
'add'=>$add,
'city'=>$city,
'post'=>$post,
'country'=>$country,
'email'=>$email,
'nummag'=>$nummag,
'donate'=>$donate));
Related
Have seen tons of similar questions but still can't find out what's going on.
I'm using PHP's PDO to prepare a statement like that:
try{
$statement = $db->prepare("INSERT INTO $date (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
$statement->bindParam(':name', $name);
$statement->bindParam(':surname', $surname);
$statement->bindParam(':email', $email);
$statement->bindParam(':phone', $phone);
$statement->bindParam(':comment', $comment);
$statement->execute();
}
catch(PDOException $e){
die("Connection to database failed: " . $e->getMessage());
}
Have tried escaping everything with [] and specifying the database name before table name, but keep getting
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in
your SQL syntax; check the manual that corresponds to your MySQL server
version for the right syntax to use near '2017-08-11 (name, surname, email,
phone, comment) VALUES ('Test', 'Test', 'Test#' at line 1
INSERT INTO $date
It seems that there is a 2017-08-11 in $date var.
If you want to insert data into '2017-08-11' table, it should be escaped with ` symbol
try{
$statement = $db->prepare("INSERT INTO `$date` (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
$statement->bindParam(':name', $name);
$statement->bindParam(':surname', $surname);
$statement->bindParam(':email', $email);
$statement->bindParam(':phone', $phone);
$statement->bindParam(':comment', $comment);
$statement->execute();
}
catch(PDOException $e){
die("Connection to database failed: " . $e->getMessage());
}
Assuming that 2017-08-11 is a table name, simply encase it in backticks.
$statement = $db->prepare("INSERT INTO `$date` (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
sorry but you can't use special character when using the prepare statement, so what MySQL is actually seeing is INSERT INTO $date (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment) which will trigger a syntax error.
here is a quick solution
try{
$db->query("INSERT INTO $date (name, surname, email, phone, comment) VALUES ($name, $surname, $email, $phone, $comment)");
}
catch(PDOException $e){
die("Connection to database failed: " . $e->getMessage());
}
According to everything I've found and seen, this seems correct. When I print $query the outcome is the following:
"INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)"
The parameters should have been filled in with the variables in bindValues(). So, for example ...
INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (Bill, A, Hopkins, 123 Ave, ....)
I'd like to stick with this method - it is surrounded by a try/catch block. From printing the query variable out I can see that is where the issue is.
What am I missing? I really appreciate you looking!
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (?,?,?,?,?,?,?,?,?)';
echo $query;
$statement = $db->prepare($query);
$statement->bindValue(1, $firstName);
$statement->bindValue(2, $middle);
$statement->bindValue(3, $lastName);
$statement->bindValue(4, $address);
$statement->bindValue(5, $city);
$statement->bindValue(6, $state);
$statement->bindValue(7, $zip);
$statement->bindValue(8, $email);
$statement->bindValue(9, $gender);
$success = ($statement->execute());
We need more code considering the error but you can try this with prepared statements:
$query = 'INSERT INTO customers (FirstName, MiddleInit, LastName, Address, City, State, Zip, Email, Gender) VALUES (:firstName, :middle, :lastName, :address, :city, :state, :zip, :email, :gender)';
$statement = $db->prepare($sql);
$statement->execute(array(':firstName'=>$firstName, ':middle'=>$middle, ':lastName'=>$lastName, ':address'=>$address, ':city'=>$city, ':state'=>$state, ':zip'=>$zip, ':email'=>$email, ':gender'=>$gender));
I will admit I am a newbie when it comes to PDO, but I have to change over a form that is in mysql.. I am getting connection, but nothing inserted.. I am truly stuck and feel like an idiot because I know it is something simple I am missing
I have tried having the arrays above and after the insert.. Neither work
Any help would be appreciated
Here is my code:
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make, Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES ('', '$pin', '$year', '$make', '$model', '$mileage', '$first', '$last', '$phone', '$email', '1234' )");
$STH->bindParam(':PIN', $_POST['pin']);
$STH->bindParam(':Year', $_POST['year']);
$STH->bindParam(':Make', $_POST['make']);
$STH->bindParam(':Model', $_POST['model']);
$STH->bindParam(':Mileage', $_POST['mileage']);
$STH->bindParam(':FirstName', $_POST['first']);
$STH->bindParam(':LastName', $_POST['last']);
$STH->bindParam(':Phone', $_POST['phone']);
$STH->bindParam(':Email', $_POST['email']);
$STH->execute();
Get rid of the dollar signs and quotes in your query values:
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make,
Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES (null, :PIN, :Year, :Make, //and so on....
Also note, assuming ID is an auto incrementing field, just insert null
VALUES (null, :PIN,
Finally, if you're pulling from the post array, I'd use bindValue over bindParam
I am having problems getting an sql query correct to update user profiles. I use (basically) the same query to INSERT the data and it works fine (just without the WHERE id=clientid and without clientid in the execute array. The query below does not update any data in the database.
I tested and made sure that all the variables are being posted and they are. As a sidenote, is this query safe from sql injection?
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
// Deal with the POST variables here...(excluded)
$sql = "UPDATE clients (firstname, lastname, origincountry, dob, gender, email, phone, address, postal, city, province, referred, notes)
VALUES (:firstname, :lastname, :origincountry, :dob, :gender, :email, :phone, :address, :postal, :city, :province, :referred, :notes)
WHERE id = :clientid" ;
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname,
':lastname'=>$lastname,
':origincountry'=>$origincountry,
':dob'=>$dob,
':gender'=>$gender,
':email'=>$email,
':phone'=>$phone,
':address'=>$address,
':postal'=>$postal,
':city'=>$city,
':province'=>$province,
':referred'=>$referred,
':notes'=>$notes,
':clientid'=>$clientid));
Your SQL is invalid. See UPDATE. (thanks to #rambocoder for pointing that out).
Use this SQL:
UPDATE clients SET firstname = :firstname, lastname = :lastname, origincountry = :origincountry, dob = :dob, gender = :gender, email = :email, phone = :phone, address = :address, postal = :postal, city = :city, province = :province, referred = :referred, notes = :notes
WHERE id = :clientid
I am inserting a record and i want to use the id of the last record inserted.
This is what i have tried:
$sql = 'INSERT INTO customer
(first_name, last_name, email, password,
date_created, dob, gender, customer_type)
VALUES(:first_name, :last_name, :email, :password,
:date_created, :dob, :gender, :customer_type)'
. ' SELECT LAST_INSERT_ID()' ;
I am getting the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT LAST_INSERT_ID()'.
Can anyone show me where is my mistake?
Thanks!
Check out mysql_insert_id()
mysql_query($sql);
$id = mysql_insert_id();
When that function is run after you've executed your INSERT statement in a mysql_query() command its result will be the ID of the row that was just created.
You can do another query:
$last_id = "SELECT LAST_INSERT_ID()";
Or try to add ; in your query:
INSERT INTO customer
(first_name,
last_name,
email,
password,
date_created,
dob,
gender,
customer_type)
VALUES(:first_name,
:last_name,
:email,
:password,
:date_created,
:dob,
:gender,
:customer_type)<b>;</b>' . ' SELECT LAST_INSERT_ID()';