PHP PDO unable to insert the data in MySQL DB - mysql

I am learning PHP.using XAMPPlocal server to test. Need help below
when I enter the details and click register in the form, I just see a blank page with the action.php link.
Code for action.php is below:
include 'config.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
if(isset($_POST['register'])){
require 'config.php';
$first_name = !empty($_POST['fname']) ? trim($_POST['fname']) : null;
$last_name = !empty($_POST['lname']) ? trim($_POST['lname']) : null;
$user_name = !empty($_POST['uname']) ? trim($_POST['uname']) : null;
$pass = !empty($_POST['upass']) ? trim($_POST['upass']) : null;
$user_email = !empty($_POST['umail']) ? trim($_POST['umail']) : null;
$sql = "INSERT INTO ams_users (id, firstname, lastname, username, password, email)
VALUES(?,?,?,?,?)";
$stmt = $pdo->prepare($sql);
$result = $stmt->execute(0,$first_name, $last_name, $user_name, $pass, $user_email);
if($result){
echo 'Thank you for registering';
}else{
echo 'sorry';
}
}enter code here
code for register.php form below:
<div class="reg-form">
<h1>Register</h1>
<form action="action.php" method="POST">
<p><label>First Name* :</label>
<input id="firstname" type="text" name="fname" /></p>
<p><label>Last Name* :</label>
<input id="lasttname" type="text" name="lname" /></p>
<p><label>User Name* : </label>
<input id="username" type="text" name="uname" /></p>
<p><label>Password: </label>
<input id="password" type="password" name="upass" /></p>
<p><label>E-Mail: </label>
<input id="e-mail" type="e-mail" name="umail"/></p>
<input type="submit" name="submit" value="register" />
</form>
</div>
MySQL table has 5 entries: id (autoincrement, firstname, lastname,username,password, and email.
please help where I am going wrong.


execute() takes an array of parameters not directly like you did.
You have less question marks then parameter
If you make id AUTOINCREMENTED then you can omit it from your query
So it becomes:
INSERT INTO ams_users (firstname, lastname, username, password, email)
VALUES(?,?,?,?,?)
Then you execute:
$result = $stmt->execute(array($first_name,
$last_name,
$user_name,
$pass,
$user_email)
);
Or:
INSERT INTO ams_users (id,firstname, lastname, username, password, email)
VALUES('',?,?,?,?,?)
The problem is you should have gotten the error, so make sure it is turned on:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

Related

How to Transfer Data in Web Form to a Database

I'm sure this has been asked 1000 times, but I have looked all over and can't seem to get this to work.
form:
<form action="sendinfo.php" method="post">
<h4>ID:</h4>
<input type="text" name="CustomerID">
<h4>First name:</h4>
<input type="text" name="FirstName">
<h4>Last Name:</h4>
<input type="text" name="LastName">
<h4>Street:</h4>
<input type="text" name="Street">
<h4>City:</h4>
<input type="text" name="City">
<h4>Zip:</h4>
<input type="text" name="Zip">
<h4>State:</h4>
<input type="text" name="State">
<h4>Phone:</h4>
<input type="text" name="Phone">
<h4>Email:</h4>
<input type="text" name="Email">
<input type="submit">
</form>
sendinfo.php
<?php
include('connection.php');
$dbh = con();
$dbh->query = "INSERT INTO Customer (CustomerID, FirstName, LastName, Street, City, State, Zip, Phone, Email)
VALUES ('$_POST[CustomerID]', ('$_POST[FirstName]', ('$_POST[LastName]', ('$_POST[Street]', ('$_POST[City]', ('$_POST[State]', ('$_POST[Zip]', ('$_POST[Phone]', ('$_POST[Email]')";
if (!mysql_query($user_info, $connect)) { die('Error: ' . mysql_error()); } echo “Your information was added to the database.”; mysql_close($connect);
?>
connection.php
<?php
define("DB_HOST", "localhost");
define("DB_NAME", "Impact_Technologies");
define("DB_USER", "root");
define("DB_PASS", "password");
function con(){
try {
$db_connection = new PDO('mysql:host='. DB_HOST .';dbname='. DB_NAME . ';charset=utf8', DB_USER, DB_PASS);
return $db_connection;
} catch (PDOException $e) {
echo "Sorry, there was a problem connecting to the database." . $e->getMessage();
}
}
?>
When submit is clicked, no messages displayed and no information entered into the db

I see what's the problem, ('$_POST[CustomerID]', ('$_POST[FirstName]', ('$_POST[LastName]', ('$_POST[Street]', ('$_POST[City]', ('$_POST[State]', ('$_POST[Zip]', ('$_POST[Phone]', ('$_POST[Email]')
You're opening a parenthesis before every value, it should be like this:
('$_POST[CustomerID]', '$_POST[FirstName]', '$_POST[LastName]', '$_POST[Street]', '$_POST[City]', '$_POST[State]', '$_POST[Zip]', '$_POST[Phone]', '$_POST[Email]')

First, Simplify your code by doing this
$id = $_POST['custormerID'];
$firstName = $_POST['FirstName'];
//and so on
Secondly, Remove all the opening parenthesis before every value
$dbh->query = "INSERT INTO Customer (CustomerID, FirstName,
LastName, Street, City,
State, Zip, Phone, Email)
VALUES ('$id', '$FirstName',
'$LastName', '$Street', '$City',
'$State', '$Zip', '$Phone', '$Email')";
if (!mysqli_query($user_info, $connect)) {
die('Error: ' . mysqli_error());
}
echo “Your information was added to the database.”; mysql_close($connect);
Thirdly, mysql is depreciated, use mysqli or PDO instead
if (!mysql_query($user_info, $connect)) {
die('Error: ' . mysql_error()); }
echo “Your information was added to the database.”; mysql_close($connect);
do this instead:
if (!mysqli_query($user_info, $connect)) {
die('Error: ' . mysqli_error());
}
echo “Your information was added to the database.”; mysqli_close($connect);
Side Note: Is either you use mysqli or PDO, don't use the both.
You can learn about PDO http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers and http://www.w3schools.com/php/php_mysql_intro.asp

Add Data to MySQL Database from an HTML Form

HI all i've a basic Web Form for putting data into a mysql database, I created code to report if i was connected to my Database correctly and it was so on completion of the form i tested it and it seems to do what i expected but when i goto my database no data was actually entered?
my form
<form class="form-horizontal" name="myForm" method="POST" action="data.php" onsubmit="return(validate())">
<div class="container-fluid">
<div class="row">
<div class="col-md-5" style=" margin-left:5%">
<div class="form-group" >
<input type="text" class="form-control" name="Name" placeholder="Enter your name!">
</div>
<div class="form-group">
<input type="email" class="form-control" name="Email" placeholder="Enter email">
</div>
<div class="form-group">
<input type="password" class="form-control" name="Pass" placeholder="Enter password">
</div>
</div>
<div class="col-md-5" style="float:right; margin-right:5%">
<div class="form-group">
<input type="number" class="form-control" name="Num" onsubmit="return(phonenumber(myForm.Num))" placeholder="Enter phone no.">
</div>
<div class="form-group">
<input type="text" class="form-control" name="Comment" placeholder="Any comments?">
</div>
</div>
</div>
</div>
<input type="submit" value="Submit">
</form>
data.php
<?
define('DB_NAME', 'Demo');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
if( $_POST )
{
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("Demo", $con);
$Name1 = $_POST['Name'];
$Email1 = $_POST['Email'];
$Pass1 = $_POST['Pass'];
$Num1 = $_POST['Num'];
$Comment1 = $_POST['Comment'];
$Name = mysql_real_escape_string($Name);
$Email = mysql_real_escape_string($Email);
$Pass = mysql_real_escape_string($Pass);
$Num = mysql_real_escape_string($Num);
$Comment = mysql_real_escape_string($Comment);
$sql = "
INSERT INTO Demo ( `Name`, `Email`, `Password`,`Contact_num`,
`Comment`) VALUES ('$Name1',
'$Email1', '$Pass1', '$Num1','$Comment1'
)";
mysql_query($sql);
mysql_close($con);
}
?>

<?php
$dbhost = "localhost";
$dbuser = "root";
$conn = mysql_connect($dbhost , $dbuser);
mysql_select_db("Demo",$conn);
$Name1 = $_POST['Name'];
$Email1 = $_POST['Email'];
$Pass1 = $_POST['Pass'];
$Num1 = $_POST['Num'];
$Comment1 = $_POST['Comment'];
echo $Name1.$Email1.$Pass1.$Num1.$Comment1; //this is to check whether you are getting all the values or not.
$sql = "INSERT INTO TABLENAME ( `Name`, `Email`, `Password`,`Contact_num`, `Comment`) VALUES ('$Name1',
'$Email1', '$Pass1', '$Num1','$Comment1'
)";
mysql_query($sql);
mysql_close($con);
}
?>
Kindly consider that the Insert Query should have the name of the table, not the database.

Having an issue inputting values into DB with PDO

So this is the PHP code that processes the form info and it supposed to send data into the DB. It is successful every time and shoots me a success message but when I look in database I see a new row but no actual data from the form.
REMINDER: the db connection is working, except it's sending blank values to fill up the table as opposed to the form data.
Here is the HTML form to be handled by the PHP code in dealer.php:
<form action="dealer.php" method="POST">
<div class="form-group">
<label for="company">Company Name</label>
<input type="text" class="form-control" id="company" name="company" placeholder="Company Name">
</div>
<div class="form-group">
<label for="location">Location</label>
<input type="text" class="form-control" id="location" name="location" placeholder="Location">
</div>
<div class="form-group">
<label for="founded">Founded</label>
<input type="text" class="form-control" id="founded" name="founded" placeholder="Founded">
</div>
<div class="form-group">
<label for="employees"># of Employees</label>
<input type="text" class="form-control" id="employees" name="employees" placeholder="# of employees">
</div>
<div class="form-group">
<label for="employees"># of Employees</label>
<input type="text class="form-control" id="sales" name="sales" placeholder="2014 sales">
</div>
<div class="radio">
<label><p>Is the company traded publicly?</p>
<input type="radio" name="optionsRadios" name="public" id="Yes" value="Yes">
Yes
</label>
</div>
<div class="radio">
<label>
<input type="radio" name="optionsRadios" name="public" id="No" value="No">
No
</label>
</div>
<div class="form-group">
<label class="sr-only" for="gross_2014">Gross Revenue</label>
<div class="input-group">
<div class="input-group-addon">$</div>
<input type="text" class="form-control" id="gross_2014" name="gross_2014" placeholder="Gross Revenue">
<div class="input-group-addon">.00</div>
</div>
</div>
<div class="form-group">
<label class="sr-only" for="net_2014">Net Revenue</label>
<div class="input-group">
<div class="input-group-addon">$</div>
<input type="text" class="form-control" id="net_2014" name="net_2014" placeholder="Net Revenue">
<div class="input-group-addon">.00</div>
</div>
</div>
<div class="form-group">
<label class="sr-only" for="growth_2014">Growth(%)</label>
<div class="input-group">
<div class="input-group-addon">%</div>
<input type="text" class="form-control" id="growth_2014" name="growth_2014" placeholder="Growth %">
<div class="input-group-addon">.00</div>
</div>
</div>
<textarea class="form-control" rows="3"></textarea>
<div class="form-group">
<p class="help-block" id="customer" name="customer">Customer profile info... </p>
</div>
<textarea class="form-control" rows="3"></textarea>
<div class="form-group">
<p class="help-block" id="products" name="products">Info about product offerings.</p>
</div>
<div class="checkbox">
<label>
<input type="checkbox"> Check me out
</label>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
And here are the contents of dealer.php that process the HTML form above:
<?php
$servername = "XX.XXX.XXX.XX";
$username = "smartkrawl";
$password = "Bondurant15!";
$dbname = "smartkrawl";
class companyInfo{
public $name;
public $location;
public $founded;
public $employees;
public $sales;
public $gross_2014;
public $net_2014;
public $growth_2014;
public function __construct($name,$location,$founded,$employees,$sales,$gross_2014, $net_2014, $growth_2014) {
$this->name = $name;
$this->location = $location;
$this->founded = $founded;
$this->employees = $employees;
$this->sales = $sales;
$this->gross_2014 = $gross_2014;
$this->net_2014 = $net_2014;
$this->growth_2014 = $growth_2014;
}
}
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO companyInfo (name, location, founded, employees, sales, gross_2014, net_2014, growth_2014)
VALUES ('$name', '$location', '$founded', '$employees', '$sales', '$gross_2014', '$net_2014', '$growth_2014')";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>

You didn't get the POST values in your php code, that's why the columns of the row are empty. The variables are not set.
I don't think you should use a class just to handle a form, it's unnecessary.
Since you getting this data from a form, it's good to security the use of prepared statements to insert the data. You're already using PDO, so you can just use the prepared statements without problem.
You can read about PDO Prepared Statements on PHP Manual (http://php.net/manual/en/pdo.prepared-statements.php)
I modified your code and now should be working.
<?php
$name = $_POST['company'];
$location = $_POST['location'];
$founded = $_POST['founded'];
$employees = $_POST['employees'];
$sales = $_POST['sales'];
$gross_2014 = $_POST['gross_2014'];
$net_2014 = $_POST['net_2014'];
$growth_2014 = $_POST['growth_2014'];
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = $conn->prepare("INSERT INTO companyInfo (name, location, founded, employees, sales, gross_2014, net_2014, growth_2014) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$sql->bindValue(1, $name);
$sql->bindValue(2, $location);
$sql->bindValue(3, $founded);
$sql->bindValue(4, $employees);
$sql->bindValue(5, $sales);
$sql->bindValue(6, $gross_2014);
$sql->bindValue(7, $net_2014);
$sql->bindValue(8, $growth_2014);
$exec = $sql->execute();
if($exec) {
echo "New record created successfully";
}
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
By the way, in your HTML code, there's a quote missing on this line after the type attribute.
<input type="text class="form-control" id="sales" name="sales" placeholder="2014 sales">
Replace by
<input type="text" class="form-control" id="sales" name="sales" placeholder="2014 sales">
And there's a field on the form that you didn't set on your PHP code, which is the optionsRadios radio. I didn't put that radio in the code because you didn't put it on the original code. So, if you want to put it there, just add it on the PHP like any other field.

i keep getting this Undefined index: fname AND Notice: Undefined index: lname

this is the php code and the one below is the HTML file. i keep getting the
unidentified index error and i dont know why. please help!
$firstname = $_POST["fname"];
$lastname = $_POST['lname'];
$sql = "INSERT INTO user(fname,lname)
VALUES ('$firstname','$lastname')";
<form action="connect.php" method="post">
First name: <input type="password" name="fname">
Last name: <input type="text" name="lname"><br><br>
<input type="submit" value="Sign up!" id="btnsignup" />
</form>

Use the isset() function to evaluate if the key is set.
example:
$firstname = isset($_POST["fname"]) ? $_POST["fname"] : '';
$lastname = isset($_POST['lname']) ? $_POST['lname'] : '';

SQLSTATE[HY000]: General error When trying to UPDATE MYSQL record with PDO

I'm trying to make a page where users can update their information such as their name/email and password. Below is the update function:
public function update() {
$correct = false;
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "UPDATE users SET `username` = :username, `password` = :password, `name` = :name, `email` = :email WHERE `userID` = :userID";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->bindValue( "name", $this->name, PDO::PARAM_STR );
$stmt->bindValue( "email", $this->email, PDO::PARAM_STR );
$stmt->bindValue( "userID", $this->userID, PDO::PARAM_STR );
$stmt->execute();
print("PDO::FETCH_ASSOC: ");
print("Return next row as an array indexed by column name\n");
$result = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($result);
print("\n");
Here is the form on the page:
<?php
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">
<ul>
<li>
<label for="usn">Name : </label>
<input type="text" id="usn" maxlength="36" required autofocus name="name" value="' . $row['name'] . '" />
<input type="text" name="userID" value="' . $row['userID'] . '" class="displaynone"/>
</li>
<li>
<label for="usn">Email : </label>
<input type="text" id="usn" maxlength="46" required autofocus name="email" value="' . $row['email'] . '" />
</li>
<li>
<label for="usn">Username : </label>
<input type="text" id="usn" maxlength="30" required autofocus name="username" disabled="disabled" value="' . $row['username'] . '" />
</li>
<li>
<label for="passwd">Password : </label>
<input type="password" id="passwd" maxlength="30" required name="password" />
</li>
<li>
<label for="conpasswd">Confirm Password : </label>
<input type="password" id="conpasswd" maxlength="30" required name="conpassword" />
</li>
<li class="buttons">
<input type="submit" name="update" value="Update" />
<input type="button" name="cancel" value="Cancel" />
</li>
</ul>
</form>';
$usr = new Users; //create new instance of the class Users
$usr->storeFormValues( $_POST ); //store form values //if the entered password is match with the confirm password then register him
if( $_POST['password'] == $_POST['conpassword'] ) {
echo $usr->update($_POST);
} else {
//if not then say that he must enter the same password to the confirm box.
echo "Password and Confirm password not match";
}
?>
This returns the following error:
PDO::FETCH_ASSOC: Return next row as an array indexed by column name SQLSTATE[HY000]: General error
I'm really stuck here. I don't know how to troubleshoot this any further.