stackoom
  简体   繁体   中英

Form not inputting in database using PDO prepare and INSERT

 原文  2014-09-30 14:28:59       php/ mysql/ pdo

Question

For some reason when I fill in my basic registration form nothing goes wrong, it says everything is completed, but when I go take a look in my database nothing is saved in there.

This is my form: 

<form method="post">
        <p id="registryinput">Voornaam:<input name="voornaam" type="text"></p><br>
        <p id="registryinput">Tussenvoegsels:<input name="tussenvoegsel" type="text"></p><br>
        <p id="registryinput">Achternaam:<input name="achternaam" type="text"></p><br>
        <p id="registryinput">E-mail:<input name="email" type="text"></p><br>
        <p id="registryinput">Wachtwoord:<input name="wachtwoord" type="password"></p><br>
        <p id="registryinput">Herhaal wachtwoord:<input name="herhaalwachtwoord" type="password"></p><br>
        <input name="submit" type="submit" value="Registreren">
    </form>

This is the db connection: 

<?php
    $host_name = "localhost";
    $database = "login";
    $username = "root";
    $password = "";

    try {
        $db = new PDO("mysql:host=".$host_name.";dbname=".$database,$username,$password);
    }
    catch (PDOException $e) {
        print "Error!: ".$e->getMessage()."<br/>";
        die();
    }   
?>

This is the code that I use to upload to the database: 

<?php
        include("connect.php");

        $voornaam = @$_POST["voornaam"];
        $tussenvoegsel = @$_POST["tussenvoegsel"];
        $achternaam = @$_POST["achternaam"];
        $email = @$_POST["email"];
        $wachtwoord = @$_POST["wachtwoord"];
        $herhaalwachtwoord = @$_POST["herhaalwachtwoord"];
        $submit = @$_POST["submit"];
        $encpassword = md5($password);

        if($submit){
            if($voornaam==true){
                if($achternaam==true){
                    if($email==true){
                        if($wachtwoord==true){
                            if($herhaalwachtwoord==true){
                                if($wachtwoord==$herhaalwachtwoord){
                                    if(strlen($voornaam)<50){
                                        if(strlen($tussenvoegsel)<50){
                                            if(strlen($achternaam)<50){
                                                if(strlen($email)<50){
                                                    if(strlen($wachtwoord)<50){
                                                        $q = $db->prepare("INSERT INTO 'userinfo' ('voornaam','tussenvoegsel','achternaam','email','wachtwoord') VALUES (':voornaam',':tussenvoegsel',':achternaam',':email',':wachtwoord')");
                                                        $q->execute(array(':voornaam'=>$voornaam,':tussenvoegsel'=>$tussenvoegsel,':achternaam'=>$achternaam,':email'=>$email,':wachtwoord'=>$wachtwoord));
                                                        echo "Registratie succesvol!";
                                                    } else {
                                                        echo "Wachtwoord langer dan 50 karakters.";
                                                    }
                                                } else {
                                                    echo "E-mail langer dan 50 karakters.";
                                                }
                                            } else {
                                                echo "Achternaam langer dan 50 karakters.";
                                            }
                                        } else {
                                            echo "Tussenvoegsel langer dan 50 karakters.";
                                        }
                                    } else {
                                        echo "Voornaam langer dan 50 karakters.";
                                    }
                                } else {
                                    echo "Wachtwoorden zijn niet gelijk.";
                                }
                            } else {
                                echo "Herhaal uw wachtwoord.";
                            }
                        } else {
                            echo "Geen wachtwoord ingevuld.";
                        }
                    } else {
                        echo "Geen e-mail ingevuld.";
                    }
                } else {
                    echo "Geen achternaam ingevuld.";
                }
            } else {
                echo "Geen voornaam ingevuld.";
            }
        }   
    ?>

My main concern is if this part is right: 

$q = $db->prepare("INSERT INTO 'userinfo' ('voornaam','tussenvoegsel','achternaam','email','wachtwoord') VALUES (':voornaam',':tussenvoegsel',':achternaam',':email',':wachtwoord')");
$q>execute(array(':voornaam'=>$voornaam,':tussenvoegsel'=>$tussenvoegsel,':achternaam'=>$achternaam,':email'=>$email,':wachtwoord'=>$wachtwoord));

Don't mind all the value names I'm dutch so all the text on the page is dutch

I actually worked along a little bit more and dropped on another problem, my second objective was to make a login form using the SELECT * option and i got it working. Only problem is for username i am using E-mail but when it tries to call the value of E-mail (for example Thodor20@gmail.com) it comes up with this error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com = 'admin'' at line 1' in C:\\wamp\\www\\PWS\\index.php on line 15 ( ! ) PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com = 'admin'' at line 1 in C:\\wamp\\www\\PWS\\index.php on line 15

I know why this isn't working though it recognizes the E-mail as a value Thodor20@gmail.com where @gmail.com is seperated because of the @. So how can I change the existing code: 

<?php
    include("connect.php");

    $logemail = @$_POST['email'];
    $logww = @$_POST['wachtwoord'];

    if(isset($_POST['submit'])){
        $q2 = $db->prepare("SELECT * FROM userinfo WHERE $logemail = '$logww'");
        $q2->execute(array(':email'=>$logemail,':wachtwoord'=>$logww));
        echo "Login succesvol!";
    }
?>

And the form: 

<form method="post">
    E-mail:<input type="text" name="email"><br>
    Wachtwoord:<input type="password" name="wachtwoord"><br>
    <input type="submit" name="submit" value="Inloggen"><br>
</form>

So it will accept Thodor20@gmail.com as 1 full value and not in parts?

2 answers

solution1
 3 ACCPTED  2014-09-30 14:33:03

You're using quotes around your table, columns and placeholders, remove them.

Those are not the right identifiers . 

INSERT INTO userinfo (voornaam,tussenvoegsel,achternaam,email,wachtwoord)   
VALUES (:voornaam,:tussenvoegsel,:achternaam,:email,:wachtwoord)

having used 

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

right after the connection is opened, would have signaled the error.

This $q>execute is missing a - so change it to $q->execute the arrow operator is malformed. (although you seem to have it in your full body of code), it was worth mentioning just in case.

I also noticed you are using if($submit){ it's usually best using 

if(isset($_POST['submit'])){...}

Using @ symbols for @$_POST suppresses errors . It's best not to use them.

Password storage

You are using MD5 for password storage md5($password) .
This is no longer considered safe to use anymore.

I recommed you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack .

solution2
 1  2014-09-30 14:36:08

No, the SQL text is not correct. Identifiers are not enclosed in single quotes. 

INSERT INTO 'userinfo' ('voornaam','tussenvoegsel'
            ^        ^  ^        ^ ^             ^

(When MySQL sees the single quotes, it's seeing a string literal, not a table name or column name.)

The fix is to remove all those single quotes from your SQL text.

If an identifier needs to be escaped, it can be enclosed in backtick characters. (The funky back quote character, inconveniently located on the key to the left of the "1" key on my keyboard. 

INSERT INTO `userinfo` (`voornaam`,`tussenvoegsel`

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Insert HTML code into MySQL database using PHP-PDO->Prepare Statement PDO prepare insert values PDO MySQL prepare->execute INSERT INTO not appearing in Database Using PDO and PHP to insert data from form into MySQL database Failing to insert data from a form into a database using PDO Inputting form data into Mysql database using php Inputting data into MySQL database using PHP form Using PDO to insert data into database Insert into postgres database using PDO function to dynamic insert to Database using mysqli prepare
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM