0

Hello, I am getting an error

<?Php

include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];

    $query_insertintotable = "INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) 
                        VALUES ('$userName','$password','$firstname','$userName', '$gender', '$dob', '$email)"; 


    $query = $dbhandle->prepare( $query_insertintotable );
    $query->execute();




?>

Am I doing anything wrong?

Thanks

5
Contributors
52
Replies
149
Views
3 Years
Discussion Span
Last Post by Mohamed_26
Featured Replies
  • Your $dbhandle object doesn't exist. Is it being declared in the connect.php and are you referring to it by the correct variable name? Read More

  • 1
    diafol 3,720   3 Years Ago

    In addition, why are you bothering with PDO or mysqli if you're not binding parameters? You may as well use mysql_* functions and have a big sign saying "inject me". Show your connect.php code and read up on bind parameters Read More

  • 1

    Prepared statements with parameters work like this. **Methods used : prepare() and execute()** PDO is class. An instance of this class is called an object and the functions associated with this object are called methods. For our purpose above (shown on your codes), we need these methods called prepare and … Read More

  • 1
    diafol 3,720   3 Years Ago

    Please ignore ^^ We are beyond that, we are now using prepared statements in 2014. Suggestion to peter - read all posts before making a contribution to a thread. Read More

  • 1
    diafol 3,720   3 Years Ago

    Why have you reused `$query_insertintotable` ? Try this: $query = "INSERT INTO User (username,Password,`First Name`,Surname, Gender, DOB, `Email Address` VALUES (:userName,:password,:firstname,:Surname, :gender, :dob, :email)"; //echo $query; $stmt = $conn->prepare($query); try { $stmt->execute(array( ":userName" => $userName, ":password" => $password, ":firstname" =>$firstname, ":Surname" => $Surname, ":gender" => $gender, ":dob" => $dob, ":email" … Read More

2

Your $dbhandle object doesn't exist. Is it being declared in the connect.php and are you referring to it by the correct variable name?

1

In addition, why are you bothering with PDO or mysqli if you're not binding parameters? You may as well use mysql_* functions and have a big sign saying "inject me".

Show your connect.php code and read up on bind parameters

0

Oh Thanksss...I sorted the error out..

The other thing is. I am working on the Registration and is there anything else I need to do in the above lines of code because for some reason it is not inserting into the MySQL tables

0

Your SQL is mashed to buggery:

"INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) VALUES ('$userName','$password','$firstname','$userName', '$gender', '$dob', '$email)"; 

Enclose fieldnames within backticks - this is essential for reserved names and names with spaces, like your First Name and Email Address

You're also missing a closing ' for $email

What editor/IDE are you using? It should flag up these issues.

0
<?php
    $host = 'localhost';
    $dbname = 'classicmodels';
    $username = 'root';
    $password = '';
    ?>

    <?php
    $host = '';
    $dbname = '';
    $username = '';
    $password = '';

try {
    $conn = new PDO('mysql:host='.$host.';dbname'.$dbname,$username,$password);
    echo "ITS WORKING!!";
} catch (PDOException $pe) {
    die("Could not connect to the database $dbname :" . $pe->getMessage());
}

?>

Edited by Mohamed_26

0

What's this for?

<?php
$host = '';
$dbname = '';
$username = '';
$password = '';

Why are you getting rid of your credentials before passing them to the object?

Also your parameters are all mashed as well -

'mysql:host='.$host.';dbname'.$dbname,$username,$password

Where's the '=' after dbname?

Please check your syntax. Use a suitable IDE.

0

You're not providing us with much information here. We're having to work hard to worm this out of you. You don't mention if you're getting "it's working" or not. Is the second block of parameter (the blank set) still in your code?

For a better idea of how to ask questions, see this post: http://bit.ly/Dwebphp

Sorry, but I'm finding this thread too frustrating. Good luck with it.

0

I dont really understand whats going on here anymore. I am sorry if I have annoyed you and its workinggg.

Thanks for your help

0

Thank you for your patience and helping me. I know your time is very valuable so thank you for giving up your time to help me. You have helped me so many times before. So thank you for everything.

I just have question. what does bindparam do? I have searched it up but I am still not clear on the function of it. The other thing is the registration.php is not producing errors anymore, but I dont know why the details are not being entered into the database.

below is the Registration.html

<html>
<head>
<title> Registration </title>
</body>
<form name = "registration form" method = "post" action="registration.php">
Username:<input type="text" name="name" value=""> </br>
Password:<input type="text" name="Password" value=""> </br>
First Name:<input type="text" name="First Name" value=""> </br>
Surname:<input type="text" name="Surname" value=""> </br>
Gender:<input type="text" name="Gender" value=""> </br>
DOB:<input type="text" name="DOB" value=""> </br>
Email Address:<input type="text" name="Email Address" value=""> </br>

<input type="submit" name="submit" value="submit">
</form>
</body>
</head>
</html>

Below is the Registration.php

<?Php

include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];

    $query_insertintotable = "INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) 
                        VALUES ('$userName','$password','$firstname','$userName', '$gender', '$dob', '$email)"; 
    echo $query_insertintotable;


    $query = $conn->prepare( $query_insertintotable );
    $query->execute();




?>http://www.daniweb.com/web-development/php/threads/482620/call-to-a-member-function-prepare-on-a-non-object-# 

Am I not doing something correctly? I am not sure why the details are not being entered into the MySQL tables

1

Prepared statements with parameters work like this.

Methods used : prepare() and execute()

PDO is class. An instance of this class is called an object and the functions associated with this object are called methods.

For our purpose above (shown on your codes), we need these methods called prepare and execute. Now, PDO allows us to prepare and compile our query with placeholders. Placeholders are like markers for the expected values from the users. When the execute method is called, it sends the arguments and runs the compiled statements sent earlier.

So, there are two things going on here in the background.

First, this will be send to the server and later on will be compiled

 $query_insertintotable = $con->prepare("INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address)

VALUES (:userName, :password,  :firstname, :Surname, :gender, :dob, :email)");

These are placeholders for anticipated incomming values from the user

 VALUES (:userName, :password,  :firstname, :Surname, :gender, :dob, :email)");

TYPE 2 : alternatively, we can also do this

VALUES ( ? , ? ,  ? , ? , ? , ? , ? )";

Those are two options in setting-up the placeholder for binding. For now, let us stick to the first one to avoid any confusion.That is the beauty of PDO. It allows us to send query and temporarily compile with the placeholders.

The second part of the process is to send arguments by way of the method execute.

For the first example, we can do it like this

$query_insertintotable = $con->prepare("INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address)

VALUES (:userName, :password,  :firstname, :Surname, :gender, :dob, :email)");

## in OOP we always use try{} if we are anticipating probable errors, or we just want to catch those errors for better debugging of the script.

try {

$query_insertintotable->execute(array(

    "userName" => $userName,
    "password" => $password,
    "firstname" =>$firstname,
    "Surname" => $Surname,
    "gender" => $gender,
    "dob" => $dob,
    "email" => $email
));

} catch(PDOException $err) {
    echo "Houston we have a problem: $err";
}

For the method 2 or Type 2 of doing things, we can do it with less codes

try {

$query_insertintotable->execute(array( $userName,$password,$firstname,$Surname,$gender, $dob,$email
));

} catch(PDOException $err) {
    echo "Houston we have a problem: $err";
}

That's pretty much it. I hope this help you in understanding this subject.

Remember prepare() goes out first to the server with the anticipation that those placeholders will be filled once the execute() method is called. This makes PDO a lot safer against the aged, neglected, and deprecated mysql_*.

Edited by veedeoo: more info added

Votes + Comments
nice :)
0

I read it soo manyyy timee and I understand it soo muchh better..THANK YOU!!!

0

I am having a bit of a problem. This is the code I have atm

<?Php

include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];


    $query_insertintotable = "INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) 
                        VALUES (':userName',':password',':firstname',':Surname', ':gender', ':dob', ':email')"; 
    echo $query_insertintotable;


    $query_insertintotable = $conn->prepare($query_insertintotable);

    try {
    $query_insertintotable->execute(array( $userName,$password,$firstname,$Surname,$gender, $dob ,$email));
} catch(PDOException $err) {
    echo "Houston we have a problem: $err";

    }

  var_dump(array);


?>

I dont know why nothing is being inserted into the database. AM I not excuting the query properly.

0

you are not supposed to wrap the placeholders with single quotes. So, this

 VALUES (':userName',':password',':firstname',':Surname', ':gender', ':dob', ':email')"; 

should be like this

VALUES (:userName, :password, :firstname, :Surname, :gender, :dob, :email)");

and this

 $query_insertintotable->execute(array( $userName,$password,$firstname,$Surname,$gender, $dob ,$email));

should be like this

$query_insertintotable->execute(array(
"userName" => $userName,
"password" => $password,
"firstname" =>$firstname,
"Surname" => $Surname,
"gender" => $gender,
"dob" => $dob,
"email" => $email
));

we only use this

$query_insertintotable->execute(array( $userName,$password,$firstname,$Surname,$gender, $dob ,$email));

if our placeholders are like these

    VALUES ( ? , ? , ? , ? , ? , ? , ? );

Edited by veedeoo: more info added

0

Let us know when you got it working, so that I can teach you how to use these

     PDO::PARAM_INT
     PDO::PARAM_BOO
     PDO::PARAM_NULL
     PDO::PARAM_STR

that's for late though..

0
$query_insertintotable->execute(array(
"userName" => $userName,
"password" => $password,
"firstname" =>$firstname,
"Surname" => $Surname,
"gender" => $gender,
"dob" => $dob,
"email" => $email
));

Don't the keys need the colon in front of them?

$query_insertintotable->execute(array(
":userName" => $userName,
":password" => $password,
":firstname" =>$firstname,
":Surname" => $Surname,
":gender" => $gender,
":dob" => $dob,
":email" => $email
));
0

Hi, your sql code for the insert table is correct. But you have any problem during insertion or fetching the data from the table. You can check the corect the database table name which you are selected.
"INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) VALUES ('$userName','$password','$firstname','$userName', '$gender', '$dob', '$email)";

1

Please ignore ^^ We are beyond that, we are now using prepared statements in 2014. Suggestion to peter - read all posts before making a contribution to a thread.

Edited by diafol

0

I keep getting this error Unexpected T_ARRAY_CAST

<?Php

include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];


    $query_insertintotable = "INSERT INTO User (username,Password,First Name,Surname, Gender, DOB, Email Address) 
                        VALUES (:userName,:password,:firstname,:Surname, :gender, :dob, :email)"; 
    echo $query_insertintotable;


    $query_insertintotable = $conn->prepare($query_insertintotable);

    try {
    $query_insertintotable->execute(array(
        ":userName" => $userName,
        ":password" => $password,
        ":firstname" =>$firstname,
        ":Surname" => $Surname,
        ":gender" => $gender,
        ":dob" => $dob,
        ":email" => $email
     ));
} catch(PDOException $err) {
    echo "Houston we have a problem: $err";

    }

and its pointing to this line ":dob" => $dob,

1

Why have you reused $query_insertintotable ?

Try this:

$query = "INSERT INTO User (username,Password,`First Name`,Surname, Gender, DOB, `Email Address` VALUES (:userName,:password,:firstname,:Surname, :gender, :dob, :email)"; 
//echo $query;
$stmt = $conn->prepare($query);
try {
$stmt->execute(array(
    ":userName" => $userName,
    ":password" => $password,
    ":firstname" =>$firstname,
    ":Surname" => $Surname,
    ":gender" => $gender,
    ":dob" => $dob,
    ":email" => $email
 ));

You still hadn't enclosed some fields in backticks, even though you'd been warned about this. Using long variable names has its uses, but perhaps not so useful in this context - you should make them meaningful.

$query_insertintotable suggests an SQL string to me not a PDOStatement object. Hope that's useful.

Edited by diafol

0
include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];


    $query = "INSERT INTO User (`username`,`Password`,`First Name`,`Surname`, `Gender`, `DOB`, `Email Address`) 
VALUES (:userName,:password,:firstname,:Surname,:gender, :dob, :email)"; 

    $stmt = $conn->prepare($query_insertintotable);

    try {
    $stmt->execute(array(
        ":userName" => $userName,
        ":password" => $password,
        ":firstname" =>$firstname,
        ":Surname" => $Surname,
        ":gender" => $gender,
        ":dob" => $dob,
        ":email" => $email
     ));
} catch(PDOException $err) {
    echo "Houston we have a problem: $err";

    }



?>

This is my code now and I am still getting the same error message..Am I missing something?

Edited by Mohamed_26

1

Yes

$stmt = $conn->prepare($query_insertintotable);

$query_insertintotable doesn't exist it's $query

Make sure $conn is the right name too.

0

The error still exists

<?Php

include 'connect.php';


    $userName = $_POST['Username']; 
    $firstname = $_POST['First Name']; 
    $Surname = $_Post['Surname'];
    $email = $_POST['Email Address']; 
    $password = $_POST['Password']; 
    $gender = $_POST['Gender']; 
    $dob = $_POST['DOB'];


    $query = "INSERT INTO User (`username`,`Password`,`First Name`,`Surname`, `Gender`, `DOB`, `Email Address`) 
                        VALUES (:userName,:password,:firstname,:Surname, :gender, :dob, :email)"; 

    $stmt = $conn->prepare($query);
    try {
    $stmt->execute(array(
        ":userName" => $userName,
        ":password" => $password,
        ":firstname" =>$firstname,
        ":Surname" => $Surname,
        ":gender" => $gender,
        ":dob" => $dob,
        ":email" => $email));
} catch(PDOException $err) {
    echo "Houston we have a problem: $err";

    }

I checked against the PHP manual. It should have worked.

http://php.net/manual/en/pdostatement.execute.php

1

Try this...

$query = "INSERT INTO User (`username`) VALUES (:userName)"; 
$stmt = $conn->prepare($query);

try {
    $stmt->execute(array(":userName" => $userName));
} catch(PDOException $err) {
    echo "Houston we have a problem: $err";
}

Then if it works, build it up, one field at a time.

0

I am not getting that error anymore but I dont think the values are being passed

$stmt->execute(array(
        ":userName" => $userName,
        ":password" => $password,
        ":firstname" =>$firstname,
        ":Surname" => $Surname,
        ":gender" => $gender,
        ":dob" => $dob,
        ":email" => $email
     ));

I know this because I added a debug code var_dump(array()); and it just displays this array(0) { }. When I added this code var_dump($_POST);. This is the reuslt I got

array(8) { ["name"]=> string(6) "mfredy" ["Password"]=> string(10) "Pulavan123" ["First_Name"]=> string(7) "Fareedh" ["Surname"]=> string(7) "Fareedh" ["Gender"]=> string(1) "M" ["DOB"]=> string(10) "23-10-1992" ["Email_Address"]=> string(23) "fareedh92@hotmail.co.uk" ["submit"]=> string(6) "submit" }
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.