Using the code
# the data we want to insert
$data = array($first_name, $last_name, $email_from, $telephone, $dateofbirth, $addresslone, $addressltwo, $townnm, $countynm, $typeapp, $issubscribed);
$STH = $dbh->prepare("INSERT INTO members (fname, sname, email, phone, dob, addressl1, addressl2, town, county, type, subscribed) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$STH->execute($data);
?>
<!--<!DOCTYPE html>
<head><title></title></head><body> commented out during testing -->
Thank you for contacting us We will be in touch with you very soon.
<!-- </body></html> -->
The user is presented with the success message:
Thank you for contacting us We will be in touch with you very soon.
There are no php errors recorded.
This is to insert into this database
Error reporting is in the form of the PDO try catch:
catch(PDOException $e)
{
echo $e->getMessage();
}
Despite it looking as if it is working perfectly, however, the database seems unable to receive updates. :/
As per your database structure screenshot, the table name is member and you used members in your insert query.
Testing the statement from all side, but failed to find a solution for it.
// Insert the new user into the database
if( $insert_stmt = $mysqli->prepare("INSERT INTO client (username, email,
password, reg_ip, salt, country, ref_id, pin, ref_by, ref_by_2) VALUES ( ?,
?, ?, ?, ?, ?, ?, ?, ?, ?)")){
$insert_stmt->bind_param("ssssssssii", $username, $email, $pass_2,
$reg_ip, $random_salt, $countryname, $ref_code, $hashed_pin, $user_id3,
$user_id4);
$insert_stmt->execute();
This never executes or gets inside the if statement.
I debugged it by removing the if part, which shows a bind_param() on boolean error.
$insert_stmt = $mysqli->prepare("INSERT INTO client (username, email,
password, reg_ip, salt, country, ref_id, pin, ref_by, ref_by_2) VALUES ( ?,
?, ?, ?, ?, ?, ?, ?, ?, ?)");
$insert_stmt->bind_param("ssssssssii", $username, $email, $pass_2, $reg_ip,
$random_salt, $countryname, $ref_code, $hashed_pin, $user_id3, $user_id4);
if($insert_stmt->execute()){
Fatal error: Call to a member function bind_param() on boolean
I have done the following tests:
All 10 variables data type test = OK (with gettype() function)
Variables data value = OK (printed all data value for checking)
Mysql query statement = OK (tested on MYSQL directly with inputted data, mysql is inserting values)
There is no syntax error either.
Variable alignment is = Ok
Data connection is = ok (as it runs other prepare statements without errors on same page)
Then where is the mistake?
I figured it out.
Solution:
It was not working because of the previous prepare statement $stmt_aff connection was not closed.
Once I closed it. Next Prepare statement $insert_stmt started working.
A good lesson learned: why the bind_param boolean error gets produced if there are multiple prepared statements on the same page.
$stmt_aff->close();
I'm currently using mysqli, and I want a way to properly sanitize every single user input. I'm looking for the most simple lightweight way to do this, as I understand that I'm NOT supposed to use mysql_real_escape....
My query is like so:
$stmt = $sql->prepare("INSERT INTO Persons (msg, ip, time, main, twit, city, lat, lon, lang)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
As I understand, I'm supposed to use the function bindParam... If I use it like so, am I completely securing my user inputs?
$stmt->bind_param('sssssssss', $_POST[msg], ('$ip'), ('$date'), '$_POST[main]', '$_POST[twit]', ('$cit'), ('$lat'), ('$lon'), '$_POST[lang]');
$stmt->execute();
$stmt->close();
If this isn't securing my user inputs, how do I properly do so?
You need to prepare the statement to be safe. Something like below (it's probably not 100% but gives you an idea)
$sql = new mysqli("localhost", "my_user", "my_password", "world");
$stmt = $sql->prepare("INSERT INTO Persons (msg, ip, time, main, twit, city, lat, lon, lang)
VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssssss", $_POST['msg'], $ip, $date, $_POST['main'], $_POST['twit'], $cit, $lat, $lon, $_POST['lang']);
$stmt->execute();
First of all, you have to follow basic PHP syntax.
'$_POST[msg]' would be inserted as a literal $_POST[msg] string, while you are expecting the value of the $_POST['msg'] variable.
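The difference between binding a value and binding a quoted string, shown as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection so that it runs without a server, keeps only two of the Persons columns, and uses constructed request data.

```php
<?php
// Added example: sqlite::memory: replaces the MySQL connection (assumption),
// and $post is constructed input standing in for $_POST.
function storeMessages(array $post): array
{
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE Persons (msg TEXT, lang TEXT)');
    $stmt = $pdo->prepare('INSERT INTO Persons (msg, lang) VALUES (?, ?)');

    // Correct: the submitted values are bound, so they are sent as data
    // and are never parsed as part of the SQL text.
    $stmt->execute([$post['msg'], $post['lang']]);

    // The mistake from the question: single quotes stop PHP from reading the
    // variable, so the literal characters $_POST[msg] are what gets stored.
    $stmt->execute(['$_POST[msg]', '$_POST[lang]']);

    $rows = $pdo->query('SELECT msg FROM Persons ORDER BY rowid')->fetchAll(PDO::FETCH_COLUMN);
    $tables = (int) $pdo->query("SELECT COUNT(*) FROM sqlite_master WHERE type = 'table'")->fetchColumn();

    return ['rows' => $rows, 'tables' => $tables];
}

// Constructed input containing a quote and SQL keywords.
$post = ['msg' => "it's here'); DROP TABLE Persons; --", 'lang' => 'en'];
$result = storeMessages($post);

// First row: compare what was stored with what was submitted.
var_dump($result['rows'][0] === $post['msg']);
// Second row: what the single-quoted argument actually inserted.
var_dump($result['rows'][1]);
// Number of tables still present after both inserts.
var_dump($result['tables']);
```

Placeholders cover values only: table and column names cannot be bound, and the stored text still needs output encoding when it is later rendered in HTML.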
Ok, before I get started I just want to say that I've read every answer on this site pertaining to this issue, and I still can't get it right. I know PHP is throwing this error because the prepare statement is not returning an object. I just have no idea why. Here's my code:
$stmt = $this->db->prepare("INSERT INTO locations (type, time, street, city, state, country, age, admission, rsvp_limit, keyword1, keyword2, keyword3, description, latitude, longitude, date_posted, member_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, now(), '1')");
var_dump($stmt);
if (!$stmt->bind_param("sssssssiissssdd", $type, $date, $street, $city, $state, $country, $age, $admission, $rsvp, $keyword1, $keyword2, $keyword3, $description, $latitude, $longitude)) {
throw new ErrorException($stmt->error, $stmt->errno);
}
$stmt->execute();
$stmt->close();
Here's the values being echoed that are sent to this statement:
TYPE: Party DATE: 1969-12-31 19:12:00 STREET: 50 Barret Parkway CITY: Marietta STATE: Georgia COUNTRY: United States AGE: 25+ ADMISSION: 20 RSVP: 1000 KEYWORD1: key1test KEYWORD2: key2test KEYWORD3: key3test DESCRIPTION: Description test LATITUDE: 33.950500 LONGITUDE: -84.535900
Now keep in mind, the previous string is just an echo string so the all caps words are not actually being sent to the db, just the statements after the colons. I've 20-drupled check the database and all the spellings are correct to the rows in the db all with adequate space and the correct types.
I've been staring at this problem for the past 5 hours while taking breaks to scour the internet for an answer and I draw blanks. Anybody know what's up. If it's any consolation I can add fields in to the database manually by hand and retrieve them with a $_GET variable just fine.
I have a site on host gator. I can connect with my pdo statement but the statement for the insert doesn't seem to work. Right now I have defined the values but I plan to use variables pulled from a $_POST from a form on the previous page.
<?php
/*** mysql hostname ***/
$hostname = 'xxx.xxx.xxx.xxx';
/*** mysql username ***/
$username = 'pressgym_admin';
/*** mysql password ***/
$password = '*******'; // starred out on purpose
try {
$dbh = new PDO("mysql:host=$hostname;dbname=pressgym_press", $username, $password);
/*** echo a message saying we have connected ***/
$qry = $dbh->prepare('INSERT INTO contact (Name, Email Address, Message, Date) VALUES (?, ?, ?, ?');
$qry->execute(array('Brandon', 'Brandon.braner#gmail.com', 'test message', '3.12.12'));
echo 'entry succesfull';
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
describe contact;
Name varchar(255) NO PRI
EmailAddress varchar(255) NO
Message longtext NO
Date varchar(255) YES
The SQL syntax in your prepare command contains errors:
$qry = $dbh->prepare('INSERT INTO contact (Name, Email Address, Message, Date) VALUES (?, ?, ?), ?');
should be
$qry = $dbh->prepare('INSERT INTO contact (Name, `Email Address`, Message, Date) VALUES (?, ?, ?, ?)');
You have a syntax error. The following line
$qry = $dbh->prepare('INSERT INTO contact (Name, Email Address, Message, Date) VALUES(?, ?, ?), ?');
should be
$qry = $dbh->prepare('INSERT INTO contact (Name, Email Address, Message, Date) VALUES (?, ?, ?, ?)');
Update:
Your column name Email Address contains a space; escape it by using the proper quoted identifier, like
INSERT INTO contact (Name, `Email Address`, Message, Date) VALUES (?, ?, ?, ?)
DB::construct();
$STH = DB::prepare('INSERT INTO users (username, password, email, activationkey) VALUES (?, UNHEX(?), ?, ?)');
var_dump($STH);
$result = $STH->execute(array('test', 'nils', 'test#mail.com', '227a038fe9c81515b514cb152188e95c'));
echo "working? <br />";
if($result == false) echo 'noooo...';
It outputs and doesn't put anything in the database. It works with similar code with PDO, just without my DB class. But I don't get any errors. Anyone have an idea what the problem could be?
object(PDOStatement)#2 (1) { ["queryString"]=> string(87) "INSERT INTO users (username, password, email, activationkey) VALUES (?, UNHEX(?), ?, ?)" }
working? <br /> noooo...
The code seems OK (of course, I don't know what you've done under the hood). Doesn't PDO itself generate an error / what does var_dump($STH->errorInfo()); say?
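Two of the threads above turn on PDO's error mode: the first one's catch(PDOException) block never fires despite the wrong table name, and the last one gets false from execute() with nothing reported. The following is an added example, not code from any poster; it assumes an in-memory SQLite database as a stand-in for MySQL so it runs without a server, trims the column list, and runs the same mistake under silent and exception mode.

```php
<?php
// Added example: sqlite::memory: stands in for the MySQL server (assumption),
// and the member table is cut down to three columns.
function tryInsert(int $errMode): string
{
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => $errMode]);
    $pdo->exec('CREATE TABLE member (fname TEXT, sname TEXT, email TEXT)');

    try {
        // The mistake from the first thread: the table is "member",
        // the query says "members".
        $sth = $pdo->prepare('INSERT INTO members (fname, sname, email) VALUES (?, ?, ?)');
        if ($sth === false) {
            // Silent mode: no exception is thrown, so a try/catch sees nothing.
            // The failure is only visible in the return value and errorInfo().
            return 'prepare returned false: ' . $pdo->errorInfo()[2];
        }
        // With emulated prepares (the pdo_mysql default) the failure shows up
        // here instead, so the return value of execute() needs checking too.
        if ($sth->execute(['Ada', 'Example', 'ada@example.test']) === false) {
            return 'execute returned false: ' . $sth->errorInfo()[2];
        }
        return 'inserted';
    } catch (PDOException $e) {
        // Log the driver message on the server. Echoing it to the visitor, as
        // the catch blocks in the threads do, shows table and column names
        // to anyone who can trigger the error.
        error_log($e->getMessage());
        return 'exception caught: ' . $e->getMessage();
    }
}

foreach ([PDO::ERRMODE_SILENT, PDO::ERRMODE_EXCEPTION] as $mode) {
    echo tryInsert($mode), PHP_EOL;
}
```

PHP 8.0 and later default to PDO::ERRMODE_EXCEPTION; on earlier versions the default is silent, so the attribute has to be set explicitly for a catch block to do anything.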