Issues with Parameters

Question

I've been trying out my PHP skills and it seems when I try to send out the information from my Android app to the PHP, it seems to send just the parameter names(The database shows :Lname as an example.) out to the database. We are using PDO as the way to communicate with the MySQL Database.

Here is the coding as follows:

$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";

//Again, we need to update our tokens with the actual data:
$query_params = array(
    ':Lname' => $_POST['LName'],
    ':Fname' => $_POST['FName'],
    ':Address' => $_POST['Address'],
    ':City' => $_POST['City'],
    ':State' => $_POST['State'],
    ':ZIP' => $_POST['ZIP'],
    ':Phone' => $_POST['Phone'],
            ':myusername' => $_POST['username'],
            ':mypassword' => $_POST['password']
);

//time to run our query, and create the user
try {
    $stmt   = $db->prepare($query);
    $result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
    // For testing, you could use a die and message. 
    //die("Failed to run query: " . $ex->getMessage());

    //or just use this use this one:
    $response["success"] = 0;
    $response["message"] = $ex->getMessage();
    die(json_encode($response));
}

Answer 1

You have included literal values in your query string.

$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) 
VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";

should be

$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) 
VALUES ( :Lname, :Fname, :Address, :City, :State, :ZIP, :Phone, :myusername, :mypassword)";

Answer 2

You need to remove the quotes from your SQL values, as its being interpreted as literal strings. If you remove them, you should be all good :)

$query = "INSERT INTO Customer ( Lname, Fname, Address, City, State, ZIP, Phone, myusername, mypassword ) VALUES ( ':Lname', ':Fname', ':Address', ':City', ':State', ':ZIP', ':Phone', ':myusername', ':mypassword')";