为什么此PDO代码不能插入？

Question

    $sql = $db->prepare("INSERT INTO users (user_username, user_password, user_email) VALUES ($username, $password, $email)");
    $sql->bindParam(':user_name', $username);
    $sql->bindParam(':user_password', $password);
    $sql->bindParam(':user_email', $email);
    $sql->execute();

I'm trying to learn PDO rather than using mysql_ but I'm running into a problem. This doesn't seem to be inserting and I'm not sure why.

I'm not getting any error messages either so I don't know what to Google.

Also, is the $db variable being in an included file (config.php which has all the database details) a problem?

Answer 1

Try -

$sql = $db->prepare("INSERT INTO users (user_username, user_password, user_email) VALUES (:user_name, :user_password, :user_email)");
$sql->bindParam(':user_name', $username);
$sql->bindParam(':user_password', $password);
$sql->bindParam(':user_email', $email);
$sql->execute();

Use :user_name, ... in your $db->prepare() not $username, ...

Answer 2

First thing's first, when you're developing turn on error reporting so you can see any error messages.

$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );

Executing the code you have should be producing some sort of error because you are trying to bind to parameters that don't exist. Named parameters need to start with a : or if you would just prefer placeholder type parameters, you can use ? instead. When you do:

...VALUES ($username, $password, $email)"

The variables will be parsed into their actual values:

...VALUES (bob, $2y$14$youarehashingpasswordsright, bob@gmail.com)"

which of course, would be a syntax error in your SQL. Instead, you need to put their parameter names:

......VALUES ( :username , :password , :email )"

Then if that doesn't work, look at any errors being produced and make sure the queries are actually being committed.