执行我的查询时出错

Question

Well, I'm creating a registration system for my website but I'm having trouble executing my query. I've tried to troubleshoot the problem, but I've had no success. Kind of confused :(

Here is my code:

public function registerUser($username, $password, $email) {
            global $core;
            if(empty($username) || empty($password) || empty($email)) {
                throw new Exception ('A required field was left blank');
            } else {
                //SQL Query Data
                $data['username'] = $username;
                $data['password'] = $core->encrypt($password);
                $data['email'] = $email;
                $data['userKey'] = rand(999999, 100000);
                $data['ip'] = $_SERVER['REMOTE_ADDR'];
                $data['date'] = time();

                //SQL Query
                $sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
                $STH = $this->DBH->query($sql);
                $STH->execute($data);
            }
        }

and here is the error I'm getting:

Fatal error: Call to a member function execute() on a non-object in C:\xampp\htdocs\community\inc\user.inc.php on line 33

I'm guessing it's an error with the query, but I'm not sure what!

Answer 1

I think you have got PDO::prepare() mixed up with PDO::query() :

It should be either:

$result = $this->DBH->query($sql);

Or:

$STH = $this->DBH->prepare($sql);
$STH->execute($data);

From the docs:

PDO::query() executes an SQL statement in a single function call, returning the result set (if any) returned by the statement as a PDOStatement object.

You would normally use PDO::prepare() if you are going to issue the same statement repeatedly, or if you need to bind parameters. As far as I am aware, it is not possible to bind parameters to your query prior to using PDO::query() .

Note that with PDO::prepare() you can either use PDOStatement::bindParam() to bind parameters prior to calling PDOStatement->execute() , or you can pass the parameters as an array to PDOStatement->execute() .

You also need to prefix your array keys with a colon. So the final result would be:

$data[':username'] = $username;
$data[':password'] = $core->encrypt($password);
$data[':email'] = $email;
$data[':userKey'] = rand(999999, 100000);
$data[':ip'] = $_SERVER['REMOTE_ADDR'];
data[':date'] = time();

//SQL Query
$sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
$STH = $this->DBH->prepare($sql);
$STH->execute($data);

Answer 2

You should use ` quote instead of ' in insert query.

"INSERT INTO u_userdata ( user-key , username , password , email , register-ip , register-date ) VALUES (:userKey, :username, :password, :email, :ip, :date)

Answer 3

the query() function executes the sql statement. you should use the prepare() function. i'm assuming that you are using pdo, because of the pdo tag

    $data[':username'] = $username;
    $data[':password'] = $core->encrypt($password);
    $data[':email'] = $email;
    $data[':userKey'] = rand(999999, 100000);
    $data[':ip'] = $_SERVER['REMOTE_ADDR'];
    $data[':date'] = time();

    //SQL Query
    $sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
    $stmt = $this->DBH->prepare($sql);
    $stmt->execute($data);