sign up form inserting data into mysql with pdo problem

Question

Eagle.Avik 0 Junior Poster in Training

10 Years Ago

hi, can anyone point out why is this script not working?? it does not inserting data into mysql..
here is the script:

if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $code = 'NA';
   $active = '1';

   if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
      $sql = "SELECT username FROM ".$mysql_table." WHERE username = :username";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $_POST['username']);
      $statement->execute();
      $result = $statement->fetchAll(PDO::FETCH_ASSOC);
    if (count($result) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   if (empty($error_message))
   {
      $crypt_pass = md5($newpassword);
      try
      {
      $sql = "INSERT INTO ".$mysql_table." username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $_POST['username']);
      $statement->bindValue(':password', md5($_POST['password']));
      $statement->bindValue(':fullname', $_POST['fullname']);
      $statement->bindValue(':email', $_POST['email']);
      $statement->bindValue(':role', $_POST['role']);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }

      header('Location: '.$success_page);
      exit;
   }
}

php

6 Contributors
23 Replies
337 Views
2 Weeks Discussion Span
Latest Post 10 Years Ago Latest Post by brandon66

All 23 Replies

minitauros 151 Junior Poster

10 Years Ago

Are you getting any errors or is the data not being inserted without giving you a notice/warning/error?

LastMitch

10 Years Ago

no, it does not giving me any error, thats the problem, if it gives any error i can fix that.

@Eagle.Avik

Instead of this:

 $sql = "INSERT INTO ".$mysql_table." username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code";

Try add the word VALUES

   $sql = "INSERT INTO ".$mysql_table." VALUES (username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code)";

Edited 10 Years Ago by LastMitch

AARTI SHRIVAS 2 Posting Pro in Training

10 Years Ago

error must be in your query check your query give table name directly in place of $mysql_table then try.

minitauros 151 Junior Poster

10 Years Ago

First of all: are you then sure that your query is being executed?

Secondly: seems to me like a query problem, but I'm not sure! Have you tried either

$query = 'INSERT INTO ".$mysql_table." SET username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code';

or

$query = 'INSERT INTO ".$mysql_table." (
        username,
        fullname,
        email,
        role,
        active,
        code
    ) VALUES (
        :username,
        :password,
        :fullname,
        :email,
        :role,
        :active,
        :code
    )';

?

minitauros 151 Junior Poster

10 Years Ago

Well, you could, of course, check the value of $error_message to see if the if() statement gets triggered. What does a var_dump($error_message); above the if() statement do?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Eagle.Avik 0 Junior Poster in Training · Answer 1 · 2013-10-29T22:16:11+00:00

no, it does not giving me any error, thats the problem, if it gives any error i can fix that.

Eagle.Avik 0 Junior Poster in Training · Answer 2 · 2013-11-01T06:16:11+00:00

@LastMitch sorry but it didnt working and does not giving any error.
after fillup the signup form it take me to success page but no data inserted in the database

Eagle.Avik 0 Junior Poster in Training · Answer 3 · 2013-11-01T12:08:03+00:00

@minitauros sorry none of them giving me any errors,
@AARTI SHRIVAS sorry didnt work either.

they all send me to seccess page but do not submit data to the database.

by the way is there any problem in

 if (empty($error_message))

bcoz i convert the code from mysql to pdo. while it is in mysql it works, but since mysql is less secure and will not be continued in the future, i choose to use pdo, and after adding the bindValue it does not work.

if i dont use bind value it works. but for security reasons the i added bind value, but it dont work.

Eagle.Avik 0 Junior Poster in Training · Answer 4 · 2013-11-01T12:54:33+00:00

after i fill the signup form it redirects me to signup success page!!!

minitauros 151 Junior Poster Featured Poster · Answer 5 · 2013-11-01T13:17:27+00:00

minitauros 151 Junior Poster

10 Years Ago

Maybe you could temporarily disable the header? :)

Eagle.Avik 0 Junior Poster in Training · Answer 6 · 2013-11-02T00:33:18+00:00

@minitauros, i removed the headaer and added the

var_dump

it shows me error:

string '' (length=0)

what does this mean?? oh and i have updated my script a bit, here is the final script that i was testing with what you suggested.

$mysql_table = 'users';
$success_page = 'signupsuccess.php';
$error_message = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newusername = $_POST['username'];
   $newemail = $_POST['email'];
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $newfullname = $_POST['fullname'];
   $newrole = $_POST['role'];
   $code = 'NA';
   $active = '1';
if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newusername))
   {
      $error_message = 'Username is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$]{1,50}$/", $newpassword))
   {
      $error_message = 'Password is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^[A-Za-z0-9_!@$.' &]{1,50}$/", $newfullname))
   {
      $error_message = 'Fullname is not valid, please check and try again!';
   }
   else
   if (!preg_match("/^.+@.+\..+$/", $newemail))
   {
      $error_message = 'Email is not a valid email address. Please check and try again.';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
      $sql = "SELECT username FROM ".$mysql_table." WHERE username = :username";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $newusername);
      $statement->execute();
      $result = $statement->fetchAll(PDO::FETCH_ASSOC);
    if (count($result) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   var_dump($error_message);
   if (empty($error_message))
   {
      try
      {
      $sql = "INSERT INTO ".$mysql_table." VALUES (username = :username, password = :password, fullname = :fullname, email = :email, role = :role, active = :active, code = :code)";
      $statement = $pdo->prepare($sql);
      $statement->bindValue(':username', $newusername);
      $statement->bindValue(':password', md5($newpassword));
      $statement->bindValue(':fullname', $newfullname);
      $statement->bindValue(':email', $newemail);
      $statement->bindValue(':role', $newrole);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }

   }

Eagle.Avik 0 Junior Poster in Training · Answer 7 · 2013-11-02T18:40:07+00:00

Eagle.Avik 0 Junior Poster in Training

10 Years Ago

Guys need help here. Stuck with this problem.

diafol · Answer 8 · 2013-11-02T18:46:23+00:00

Guys need help here. Stuck with this problem... what does this mean??
string '' (length=0)

http://bit.ly/1e3Tdy4

Eagle.Avik 0 Junior Poster in Training · Answer 9 · 2013-11-03T02:16:01+00:00

Eagle.Avik 0 Junior Poster in Training

10 Years Ago

@ diafol, thnx but could find anything useful,

diafol · Answer 10 · 2013-11-03T08:21:00+00:00

You var_dumped the $error_message?
The reply was...

string '' (length=0)

It means a zero-length string. Is that it? I can't see another question in your last 3 posts - you say you're stuck - but with what? Is the last code not working? Same problem or something else?

Eagle.Avik 0 Junior Poster in Training · Answer 11 · 2013-11-03T10:56:26+00:00

Eagle.Avik 0 Junior Poster in Training

10 Years Ago

Yup same problem with string

LastMitch · Answer 12 · 2013-11-04T05:21:14+00:00

Yup same problem with string

@Eagle.Avik

Maybe try changing your regex pattern on your preg_match() fucntion.

Maybe add a strlen() function to count the strings.

There's nothing wrong (looks wrong) on your code.

Eagle.Avik 0 Junior Poster in Training · Answer 13 · 2013-11-05T17:01:34+00:00

I am probably asking too much but can any of you test this code on you localhost and see if there is any problem or not or is it only with me.
@last mitch, i already tried that but no solution so far.

diafol · Answer 14 · 2013-11-05T20:31:04+00:00

Much as I'd like to help, We can't test your code as it's dependent on a DB to which we have no access and in addition, data is being passed by form, and you're using a captcha. So too much for me I'm afraid.

Eagle.Avik 0 Junior Poster in Training · Answer 15 · 2013-11-06T02:39:30+00:00

I was afraid you are gonna say that,ok so back to the original question, is there anything i am doing wrong! If i use varDump it shows me string error. Gonna try some tests, i will post the results. if you find anything wrong with my code plz let me know.

LastMitch · Answer 16 · 2013-11-09T07:23:06+00:00

I was afraid you are gonna say that,ok so back to the original question, is there anything i am doing wrong! If i use varDump it shows me string error. Gonna try some tests, i will post the results. if you find anything wrong with my code plz let me know.

@Eagle.Avik

This has something to do with your database.

Either you didnt add a code to fixed those funny characters from your php code.

If you are still have string errors then you know and have to add a code on your php code.

Eagle.Avik 0 Junior Poster in Training · Answer 17 · 2013-11-12T05:02:55+00:00

Hi, guys thnx for all help. I rewrite the whole query and it works maybe there was unnecessary gap between quaries

brandon66 0 Expert in Progress · Answer 18 · 2013-11-15T00:57:26+00:00

Try this i made a few changes, to your sql statements and some other code
i could change it quite a bit but ill leave the rest up to you

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'signupform')
{
   $newpassword = $_POST['password'];
   $confirmpassword = $_POST['confirmpassword'];
   $code = 'NA';
   $active = '1';
   if ($newpassword != $confirmpassword)
   {
      $error_message = 'Password and Confirm Password are not the same!';
   }
   else
   if (isset($_POST['captcha'],$_SESSION['random_txt']) && md5($_POST['captcha']) == $_SESSION['random_txt'])
   {
      unset($_POST['captcha'],$_SESSION['random_txt']);
   }
   else
   {
      $error_message = 'The entered code was wrong.';
   }
   if (empty($error_message))
   {
   try
    {
    $pdo = new PDO('mysql:host=localhost;dbname=blog', 'Avik', '');
    }
    catch (PDOException $e)
    {
    $output = 'Unable to connect to the database server.';
    echo $output;
    exit();
    }
    try
    {
     $username = htmlspecialchars($_POST['username']);   

      $sql = $pdo->prepare("SELECT username FROM '$mysql_table' WHERE username = '$username'");

      $result = $sql->execute();

      $users = $result->fetchAll(PDO::FETCH_ASSOC);
    if (count($users) > 0)
    {
      $error_message = 'Username already used. Please select another username.';
    }
    }
    catch (PDOException $e)
    {
    $output = 'Unable to send query';
    echo $output;
    exit();
    }
   }
   if (empty($error_message))
   {
      $crypt_pass = md5($newpassword);
      try
      {
      //changed this
     $sql = $pdo->prepare("INSERT INTO '$mysql_table'
        (username, password, fullname, email, role, active,code)
        VALUES
        (:username, :password, :fullname,:email, :role, :active, :code )");

      $statement = $sql;
      $statement->bindValue(':username', $_POST['username']);
      $statement->bindValue(':password', md5($_POST['password']));
      $statement->bindValue(':fullname', $_POST['fullname']);
      $statement->bindValue(':email', $_POST['email']);
      $statement->bindValue(':role', $_POST['role']);
      $statement->bindValue(':active', $active);
      $statement->bindValue(':code', $code);
      $statement->execute();
      }
      catch (PDOException $e)
      {
      $output = 'Unable to connect to the database server.';
      echo $output;
      exit();
      }
      header('Location: '.$success_page);
      exit;
   }
}

sign up form inserting data into mysql with pdo problem

Recommended Answers Collapse Answers

All 23 Replies

Recommended Answers